Hi Robl216, 

Thank you for your post and welcome to our forums 🙂

I am sorry to hear you have received a malware letter. Unfortunately, we are unable to specify the device. We advise you follow the advice in the letter.

Zoie

Thank you for your reply.

However the letter just states to scan for malicious software, which I have done, and then post on this forum for further advice!!

No other information is provided.

I have found this - can you let me know if you can check it out please 🙂 

https://community.virginmedia.com/t5/Security-matters/Email-Letter-received-Malware-Denial-of-Servic...

Cheers, 

Ryan. 

Thank you for the update however it now seems to be back.

I have now received an email stating that "A device using your internet connection may be infected with malware"

I have up to date business grade AV on all my devices on my home network.  All the email states is to come here for further assistance.

I am an IT professional with over 30 years in the business. To able to identify the supposed culprit I need much more information about what the malicious software is dong.  This will allow be to try and narrow down which device is supposedly causing this issue.

The threat of terminating my connection is unwarranted without providing me the necessary information t be able to diagnose the problem.

Can someone provide me with more details of this supposed detected malware so that I can investigate?

Hi @robl216

Thanks for your reply and welcome back to the forum.

As long as you have all devices fully scanned then there is no need to worry, does the letter / communication advise of a date of detection for the malware?

Regards

Hi @Travis_M,

I have received yet another letter this time stating that on 11th July suspicious activity was detected.

It also gave me an identification of the malicious software detected which in this case is zeroaccess.

This is an old rootkit but has become more active lately as it can be used to install malicious packages.

I have scanned with my AV software, Sophos, and also performed an external scan using Trend HouseCall including across the whole of my network and all devices on it.

All devices come back clean so I now need to know why the third party is listing my IP as having this malicious traffic?

Also if I keep receiving the threat that my connection will be terminated under the fair use policy this will affect my work as I work from home a lot as I am sure others do to.

Can this be escalated to the third party so I can get more information of the traffic they are seeing?  Then at least I can try and narrow down what they are looking at.  I am used to doing this as I do this from a security point of view in my job every day.

In the meantime I will do some packet captures of the WAN connection to see if I can see any traffic that I am unaware of.

Regards,

Rob.

Thank you for your post. 

If the team have let you know within the mail/email you've received what this is relating to - then that would be the confirmation. If you have done everything set out within the guidelines of the mail then you wouldn't need to do anything else. 

We wouldn't be able to escalate it with the team as if it has been identified to something like this - for security reasons the relevant would be sent out. As mentioned above if the steps have been followed that is all you would need to make sure of.

Cheers, 

Ryan.

So I have run numerous scans of my network and devices with different products and all have come back clear.

I can find no infections anywhere on my network.

I have now just receive another email from Virgin Media Security stating the following:

Our Reference: VMIS62-NETWORKATTACKS-F010005116

Dear Mr [%customer.last_name %],

Please take action now: a device using your internet connection is infected with malware

We’ve now been alerted on three separate occasions that malicious traffic is coming from a device using your internet connection.

We need to let you know that if you don’t get it fixed, to protect others we may need to suspend or cancel your broadband service in line with our Acceptable Use Policy.

What am I supposed to do now?

I really need to know what is being detected so I can try to eliminate this issue.  Traffic and port range would be good for a start.

Rob

Thank you for that information robl216. 

If you have followed the advice on the letter we can proceed with escalating this. 

To do so I will need to private message you to confirm some information. 

^Martin