Virgin Media Virgin Media Community

sandhun · ‎06-07-2021

Hi folks, I received a letter from Virgin Media saying "a device using your Internet connection may be infected with Malware". It said "On 12 June 2021, gamut, a piece of malware, was detected on a device using your internet connection."

With this being the case, would you suggest it's just a single device that's affected or could this have potentially compromised or my entire network?

Here's the reason why this is significant.

I have a tenant and she is using my connection. If it's just her windows laptop that's affected, it's not entirely my responsibility. However if it has more serious implications for my network as a whole then it's a bigger issue. I typically only use Macs.

j05h · ‎06-07-2021

Did the letter ask you to take any course of action? That sounds like a common scam, I don't believe Virgin ever play a part in detecting any malware as that would be up to your devices to do so.

sandhun · ‎06-07-2021

Hi, I'm pretty sure it was legitimate. This is what it said:

We’ve been alerted that one or more of the devices you use to go on the internet is infected with malicious software (malware).We don’t know which device, but it does mean your personal data and online financial transactions, including any credit card purchases, could be at risk.

This probably isn’t your fault, but we do need you to make some changes now to ensure your data remains safe and secure.We’ll help you do that.

How we found the problem

To protect our customers, we work with a number of not-for-profit organisations that gather information about internet connections that appear to be at risk of things like malware infections. On 12 June 2021, one detected that gamut , a piece of malware, was present on a device using your internet connection.

What to do next

We recommend using anti-virus software to scan and clean up your devices. There are a number of trusted anti-virus software options available if you don’t have one already.

For help with this, please visit virginmedia.com/malware

goslow · ‎06-07-2021

VM do send out malware warning letters or emails, which are triggered by third-party monitoring. 'Gamut' seems to be a piece of Windows malware.

If your tenant is the only person using Windows, that would seem to be the place to start your investigation! Make sure her anti-virus is up to date and get her to run a full scan for starters. The free version of Malwarebytes is often recommended on the VM forums as another one to try.

If she does not use any other shared resources on your network, put her on a separate guest wireless network connection only to separate her from your personal home network.

Serena_C · ‎07-07-2021

Hi @sandhun

Thank you for making this post regarding the malware letter you received from us. I'm sorry to hear that gamut was detected on a device using your connection.

Have you scanned all of your devices and requested the tenant to do the same thing?

Please do keep us posted on how things are going after the devices are scanned.

Best wishes,

Serena

Poppet64 · ‎16-07-2021

Hi, I have received 6 emails (all containing our account details and a VM reference numbers) purporting to be from Virgin Media stating we have a malware problem:

"We’ve now been alerted on five separate occasions that one or more of the devices you use to go on the internet is infected with malicious software (malware). This means there’s a significant risk that your personal data and any financial transactions you’ve made online have been compromised. The details of this alert are below.

This probably isn’t your fault, but we do need you to make some changes now to ensure your data remains safe and secure. We’ll help you do that."

So far I have received these emails on:

12/01/2021- 'iotmirai malware' (detected on 10 January 2021)

25/01/2021 - 'iotscan malware' (detected on 24/01/2021)

30/04/2021 - 'Mirai malware' (detected on 29/04/2021)

17/05/2021 - 'Mirai malware' (detected on 15/05/2021)

07/06/2021 - 'Mirai malware' (detected on 05/06/2021)

23/06/2021 - 'Mirai malware' (detected on 22/06/2021)

There is no help or any knowledge from Virgin media by phone, thus completely the contrary to the 'We will help you do this' stated in the email.

I have been told it is a scam by Virgin Tier 1 and 2 technical support and customer services. Importantly they have repeatedly told me not to click on any of the hyperlinks in these emails - I have not done so.

I was asked to forward one of the emails to phishing@virginmedia.com which I did on 07/06/2021 and asked them to call me. No one did.

Finally I spoke to a grumpy man in retentions who assured me the emails were genuine (contrary to everyone else at Virgin media to that point) and he got very irritated with me because I declined to click on any of the hyperlinks (based on the advice of all the telephone technical support advisers I have spoken to).

I then had an engineer visit - this week - who immediately thought the emails were a scam and took a screenshot so he could take it up with his team lead. He had no idea how to help though.

AND THEN TODAY - 16/07/2021 - I have received another communication but this time via Royal Mail post telling me now that I have 'conficker malware'.

Can anyone please tell me what to do, if anything? Also, does Virgin Media support answer these posts?

DavidJWalker · ‎16-07-2021

i had this issue with malware but factory restore gets rid of it nomaly windows 10 does pick up malware and put it to one side for the user to comfirm to delete it tell the tenent to be carefull on the internet or decine her internet access the virgin media connect app on the moblie can pause the internet connection on that device untill she can get her laptop sorted if she does not listen keep it on pause if its 6 times she does not listen tell her to move out

some people do not listen to you make them saying no internet access pause it or log into your router you can ban there id of her laptop

its your internet connection not the tenent's you have control

Using Ultimate Volt bundle

Just another VM user trying to help out so my answers may be wrong. If you do like my answer please mark it as helpful; it may help others

goslow · ‎16-07-2021

@Poppet64 wrote:
Hi, I have received 6 emails (all containing our account details and a VM reference numbers) purporting to be from Virgin Media stating we have a malware problem:
<snip>
Can anyone please tell me what to do, if anything? Also, does Virgin Media support answer these posts?

VM support won't directly help you with the issue as the problem(s) will be on your own network, which is not VM's responsibility.

Have you viewed the VM info on 'Mirai', which seems to be related to IOT devices?

https://www.virginmedia.com/help/mirai-malware-alert

Do you have any such devices on your network?

Conficker is Windows malware. Do you have Windows devices connected? If so, what anti-virus/anti malware do you have in place? Have you run full anti-virus scans on your Windows devices? The free version of Malwarebytes is often recommended on here to use alongside other anti-virus software.

You should try to pin down your search first of all to the most-likely culprits for the malware which has been mentioned and investigate those first of all.

Graham_A · ‎16-07-2021

@Poppet64 wrote:
Hi, I have received 6 emails (all containing our account details and a VM reference numbers) purporting to be from Virgin Media stating we have a malware problem:
"We’ve now been alerted on five separate occasions that one or more of the devices you use to go on the internet is infected with malicious software (malware). This means there’s a significant risk that your personal data and any financial transactions you’ve made online have been compromised. The details of this alert are below.
This probably isn’t your fault, but we do need you to make some changes now to ensure your data remains safe and secure. We’ll help you do that."
So far I have received these emails on:
12/01/2021- 'iotmirai malware' (detected on 10 January 2021)
25/01/2021 - 'iotscan malware' (detected on 24/01/2021)
30/04/2021 - 'Mirai malware' (detected on 29/04/2021)
17/05/2021 - 'Mirai malware' (detected on 15/05/2021)
07/06/2021 - 'Mirai malware' (detected on 05/06/2021)
23/06/2021 - 'Mirai malware' (detected on 22/06/2021)
There is no help or any knowledge from Virgin media by phone, thus completely the contrary to the 'We will help you do this' stated in the email.
I have been told it is a scam by Virgin Tier 1 and 2 technical support and customer services. Importantly they have repeatedly told me not to click on any of the hyperlinks in these emails - I have not done so.
I was asked to forward one of the emails to phishing@virginmedia.com which I did on 07/06/2021 and asked them to call me. No one did.
Finally I spoke to a grumpy man in retentions who assured me the emails were genuine (contrary to everyone else at Virgin media to that point) and he got very irritated with me because I declined to click on any of the hyperlinks (based on the advice of all the telephone technical support advisers I have spoken to).
I then had an engineer visit - this week - who immediately thought the emails were a scam and took a screenshot so he could take it up with his team lead. He had no idea how to help though.
AND THEN TODAY - 16/07/2021 - I have received another communication but this time via Royal Mail post telling me now that I have 'conficker malware'.
Can anyone please tell me what to do, if anything? Also, does Virgin Media support answer these posts?

The VM Forum Team do respond to posts here when necessary.

They are likely to refer you to this help page:

virginmedia.com/malware

________________________________
Graham

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Please read the FAQs
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Virgin Media Virgin Media Community

Virgin Media Virgin Media Community

VM Malware letter