on 06-07-2021 18:01
Hi folks, I received a letter from Virgin Media saying "a device using your Internet connection may be infected with Malware". It said "On 12 June 2021, gamut, a piece of malware, was detected on a device using your internet connection."
With this being the case, would you suggest it's just a single device that's affected or could this have potentially compromised or my entire network?
Here's the reason why this is significant.
I have a tenant and she is using my connection. If it's just her windows laptop that's affected, it's not entirely my responsibility. However if it has more serious implications for my network as a whole then it's a bigger issue. I typically only use Macs.
on 06-07-2021 18:05
on 06-07-2021 18:15
Hi, I'm pretty sure it was legitimate. This is what it said:
We’ve been alerted that one or more of the devices you use to go on the internet is infected with malicious software (malware).We don’t know which device, but it does mean your personal data and online financial transactions, including any credit card purchases, could be at risk.
This probably isn’t your fault, but we do need you to make some changes now to ensure your data remains safe and secure.We’ll help you do that.
How we found the problem
To protect our customers, we work with a number of not-for-profit organisations that gather information about internet connections that appear to be at risk of things like malware infections. On 12 June 2021, one detected that gamut , a piece of malware, was present on a device using your internet connection.
What to do next
We recommend using anti-virus software to scan and clean up your devices. There are a number of trusted anti-virus software options available if you don’t have one already.
For help with this, please visit virginmedia.com/malware
06-07-2021 18:44 - edited 06-07-2021 19:05
VM do send out malware warning letters or emails, which are triggered by third-party monitoring. 'Gamut' seems to be a piece of Windows malware.
If your tenant is the only person using Windows, that would seem to be the place to start your investigation! Make sure her anti-virus is up to date and get her to run a full scan for starters. The free version of Malwarebytes is often recommended on the VM forums as another one to try.
If she does not use any other shared resources on your network, put her on a separate guest wireless network connection only to separate her from your personal home network.
on 07-07-2021 18:43
Hi @sandhun
Thank you for making this post regarding the malware letter you received from us. I'm sorry to hear that gamut was detected on a device using your connection.
Have you scanned all of your devices and requested the tenant to do the same thing?
Please do keep us posted on how things are going after the devices are scanned.
Best wishes,
Serena
on 16-07-2021 13:15
Hi, I have received 6 emails (all containing our account details and a VM reference numbers) purporting to be from Virgin Media stating we have a malware problem:
"We’ve now been alerted on five separate occasions that one or more of the devices you use to go on the internet is infected with malicious software (malware). This means there’s a significant risk that your personal data and any financial transactions you’ve made online have been compromised. The details of this alert are below.
This probably isn’t your fault, but we do need you to make some changes now to ensure your data remains safe and secure. We’ll help you do that."
So far I have received these emails on:
12/01/2021- 'iotmirai malware' (detected on 10 January 2021)
25/01/2021 - 'iotscan malware' (detected on 24/01/2021)
30/04/2021 - 'Mirai malware' (detected on 29/04/2021)
17/05/2021 - 'Mirai malware' (detected on 15/05/2021)
07/06/2021 - 'Mirai malware' (detected on 05/06/2021)
23/06/2021 - 'Mirai malware' (detected on 22/06/2021)
There is no help or any knowledge from Virgin media by phone, thus completely the contrary to the 'We will help you do this' stated in the email.
I have been told it is a scam by Virgin Tier 1 and 2 technical support and customer services. Importantly they have repeatedly told me not to click on any of the hyperlinks in these emails - I have not done so.
I was asked to forward one of the emails to phishing@virginmedia.com which I did on 07/06/2021 and asked them to call me. No one did.
Finally I spoke to a grumpy man in retentions who assured me the emails were genuine (contrary to everyone else at Virgin media to that point) and he got very irritated with me because I declined to click on any of the hyperlinks (based on the advice of all the telephone technical support advisers I have spoken to).
I then had an engineer visit - this week - who immediately thought the emails were a scam and took a screenshot so he could take it up with his team lead. He had no idea how to help though.
AND THEN TODAY - 16/07/2021 - I have received another communication but this time via Royal Mail post telling me now that I have 'conficker malware'.
Can anyone please tell me what to do, if anything? Also, does Virgin Media support answer these posts?
on 16-07-2021 13:39
on 16-07-2021 13:42
@Poppet64 wrote:Hi, I have received 6 emails (all containing our account details and a VM reference numbers) purporting to be from Virgin Media stating we have a malware problem:
<snip>
Can anyone please tell me what to do, if anything? Also, does Virgin Media support answer these posts?
VM support won't directly help you with the issue as the problem(s) will be on your own network, which is not VM's responsibility.
Have you viewed the VM info on 'Mirai', which seems to be related to IOT devices?
https://www.virginmedia.com/help/mirai-malware-alert
Do you have any such devices on your network?
Conficker is Windows malware. Do you have Windows devices connected? If so, what anti-virus/anti malware do you have in place? Have you run full anti-virus scans on your Windows devices? The free version of Malwarebytes is often recommended on here to use alongside other anti-virus software.
You should try to pin down your search first of all to the most-likely culprits for the malware which has been mentioned and investigate those first of all.
on 16-07-2021 13:43
@Poppet64 wrote:Hi, I have received 6 emails (all containing our account details and a VM reference numbers) purporting to be from Virgin Media stating we have a malware problem:
"We’ve now been alerted on five separate occasions that one or more of the devices you use to go on the internet is infected with malicious software (malware). This means there’s a significant risk that your personal data and any financial transactions you’ve made online have been compromised. The details of this alert are below.
This probably isn’t your fault, but we do need you to make some changes now to ensure your data remains safe and secure. We’ll help you do that."
So far I have received these emails on:
12/01/2021- 'iotmirai malware' (detected on 10 January 2021)
25/01/2021 - 'iotscan malware' (detected on 24/01/2021)
30/04/2021 - 'Mirai malware' (detected on 29/04/2021)
17/05/2021 - 'Mirai malware' (detected on 15/05/2021)
07/06/2021 - 'Mirai malware' (detected on 05/06/2021)
23/06/2021 - 'Mirai malware' (detected on 22/06/2021)
There is no help or any knowledge from Virgin media by phone, thus completely the contrary to the 'We will help you do this' stated in the email.
I have been told it is a scam by Virgin Tier 1 and 2 technical support and customer services. Importantly they have repeatedly told me not to click on any of the hyperlinks in these emails - I have not done so.
I was asked to forward one of the emails to phishing@virginmedia.com which I did on 07/06/2021 and asked them to call me. No one did.
Finally I spoke to a grumpy man in retentions who assured me the emails were genuine (contrary to everyone else at Virgin media to that point) and he got very irritated with me because I declined to click on any of the hyperlinks (based on the advice of all the telephone technical support advisers I have spoken to).
I then had an engineer visit - this week - who immediately thought the emails were a scam and took a screenshot so he could take it up with his team lead. He had no idea how to help though.
AND THEN TODAY - 16/07/2021 - I have received another communication but this time via Royal Mail post telling me now that I have 'conficker malware'.
Can anyone please tell me what to do, if anything? Also, does Virgin Media support answer these posts?
The VM Forum Team do respond to posts here when necessary.
They are likely to refer you to this help page:
virginmedia.com/malware
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Please read the FAQs
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks