MikeG81

Virgin Media Internet Security Email - Gumblar Malware

Hello,

Today I received my third email from the VM Internet Security Team stating that they have detected for a third time a piece of malware on a device using my internet connection. They name the Malware as Gumblar. The emails have been approx 2 weeks apart each time.
The email looks legitimate and I have seen in this forum that others have had similar emails.

I have two issues with this:

  1. It is frustrating that the emails come with no indication on what device this malware was detected
  2. I don’t believe it is an accurate detection

When I got the first email in November, I carried out a full review - here are some key points.

  • VM router is wired to my Eero hub which creates a mesh network with two other Eero devices (firmware is fully up to date)
  • There is no WiFi signal being broadcasted from the VM router
  • The Eero account has a strong / unique password which I have changed since the first VM email
  • I have visibility of every device attached to the Eero network via their app
  • There are three types of devices on the network: (1) iOS and Mac devices, (2) HomeKit devices with Apple HomeKit Accessory Security enabled, all devices set to ‘restricted to home’, (3) other smart home devices; one is a Samsung TV and the others are two Dyson air purifiers.
  • All of the above I would class as trusted devices, or as much as you can use the word trust in this space
  • I have a digital photo frame from Amazon which had WiFi access - this looked like a suspect so I turned the WiFi off on the device but have since had two emails from VM about malware

I am now at a loss as to what is potentially infected by malware.

Has anyone had similar experiences or have any thoughts on this?

Thank you 

SCA1972

Re: Virgin Media Internet Security Email - Gumblar Malware


@MikeG81 wrote:

Hello,

Today I received my third email from the VM Internet Security Team stating that they have detected for a third time a piece of malware on a device using my internet connection. They name the Malware as Gumblar. The emails have been approx 2 weeks apart each time.
The email looks legitimate and I have seen in this forum that others have had similar emails.

I have two issues with this:

  1. It is frustrating that the emails come with no indication on what device this malware was detected
  2. I don’t believe it is an accurate detection

I have thoughts but I'm no security expert.

With regard to issue one, they can't tell you the specific device as that would require them to access and spy on your LAN which they are not allowed to do.

Based on a quick Google, Gumblar seems to target Windows PCs through JavaScript on infected web sites. As you don't appear to have any devices running Windows it seems to me unlikely that you are infected with this malware.

So if I'm correct about Gumblar that leaves a few possibilities:

1. The emails are not from VM and are a phishing attempt to steal your details.

2. The emails are genuine but referencing the wrong malware.

3. The emails are genuine but this is a false positive and VM need to correct it.

______________________
Scott

My setup: VM TV box, M350 Fibre broadband with Hub 3 in modem mode connected to a Netgear R7000 router. Telewest/VM user since 2001.

MikeG81

Re: Virgin Media Internet Security Email - Gumblar Malware

Thanks for the insight. 

I’ve been in contact just now with the VM team on the Chat function and they confirm the emails are genuinely from them. Aside from advising to follow the steps in the email (run an anti-virus scan), no further help has been offered. 

The Mac I have has run a security scan and it came back clean. I’ve reset the Eero WiFi password twice since the first email.

As you say, all roads look like they lead to your points 2 or 3

SCA1972
Helpful Answer

Re: Virgin Media Internet Security Email - Gumblar Malware

In that case I'd just ignore the emails as it looks like a false positive and should clear eventually.

Based on a few cases on this forum it seems that the VM security team, or their software, is far from infallible and false positives are not uncommon.

______________________
Scott

My setup: VM TV box, M350 Fibre broadband with Hub 3 in modem mode connected to a Netgear R7000 router. Telewest/VM user since 2001.

用心棒

Re: Virgin Media Internet Security Email - Gumblar Malware

Consider contacting Team Cymru to discuss the veracity of the Gumblar detections; also see Re: Malware warning via email

Tudor

Re: Virgin Media Internet Security Email - Gumblar Malware

One point you raised: 

  1.  It is frustrating that the emails come with no indication on what device this malware was detected

This is good, not bad; you do not want anyone, VM included, looking inside your local network. It should be secure.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2