I have received yet another letter, this time stating that on 11th July suspicious activity was detected.
It also gave me an identification of the malicious software detected, which in this case is ZeroAccess.
This is an old rootkit but has become more active lately as it can be used to install malicious packages.
I have scanned with my AV software, Sophos, and also performed an external scan using Trend HouseCall including across the whole of my network and all devices on it.
All devices come back clean, so I now need to know why the third party is listing my IP as having this malicious traffic.
Also, if I keep receiving the threat that my connection will be terminated under the fair use policy, this will affect my work, as I work from home a lot, as I am sure others do too.
Can this be escalated to the third party so I can get more information about the traffic they are seeing? Then at least I can try and narrow down what they are looking at. I am used to doing this as I do this from a security point of view in my job every day.
In the meantime I will do some packet captures of the WAN connection to see if I can see any traffic that I am unaware of.