Virgin Media Malicious Software (Malware) Scare Letter
Virgin Media sent me a letter (Reference: VMIS5-MALWARE-F009023838) saying “on 14 May 2021 DLTminer, a piece of malware, was present on a device using your internet connection” It went on to say scary things like “your personal data and online transactions, including credit cards could be at risk”, and said “we need to make some changes now to ensure your data remains safe”.
I rang them, got passed from Customer Services to their Technical Help Desk who transferred me back to Customer Services, put on hold, before the line went dead after 20 minutes.
After I rang back & was asked for my security details four times while being passed back and forth between departments, then again the line went dead after 15 minutes.
All I want to know from Virgin Media is;-
Exactly what happened on the 14th May that caused alarm? My router shows no increase in my data usage coincident with a mining bot in action.
Was it because I was generating traffic to a known illegal mining IP address?
The letter was dated the 17th May but I didn’t receive it until the 28th May. If urgent action is required, why the delay in posting and why not email?
Is the mining activity still happening now?
Please can someone answer these questions! It really is out of order to frighten someone and then not make themselves available to explain in detail.
It seems I am not alone, this forum is full of people in similar circumstances, and all that changes is the name of the malware. From research, DLTMiner seems to infect corporate mail servers rather than domestic computers.
I am coming to the conclusion that Virgin Media are using these letters as a form of revenue stream by frightening people and then deliberately making it difficult for us to talk to someone.
Instead the letter points to their website, virginmedia.com/malware where the solutions include Virgin Media Internet Security for £30 a year and their 24/7 Gadget Rescue service which offers a “one-off fix for only £60”.
I have MacAfee Anti-Virus software already running on all my Windows 10 computers, which has not picked up any problems.
I am really worried and need someone to come back to me with a copy of the technical report on the supposed malware, with specific times and dates. Until I see that, I am inclined to believe that these letters are an official Virgin scam.
One of the Virgin Media Forum Team (VM employees who support this forum) should pick up this thread and contact you in the next day or so. They are best placed to answer your specific questions arising from the letter.
However, as one VM customer talking to another I would just offer the following hints and tips:
1) As well as running a full scan with your MacAfee AV I would also scan with a malware scanner. I use Malwarebytes, the free version is available from here: https://www.malwarebytes.com/mwb-download/ That may well pick up malware that your AV package misses.
The only slight health warning I would give is that these days Malwaebytes insists on giving you a 14 day free trial of the premium (paid for) version. However once you have installed the free version you can end the 14 day trial straight away by going into the Malwarebytes settings (the cog symbol in their control panel) and then clicking on "Account".
If your AV scan and Malwarebytes scan both come up clean you have at least done the basic checks.
2) Regarding "Gadget Rescue", I would say that if you feel you need professional help you would be better going to an IT / computer services company local to where you live. Certainly on the Email section of this forum the Gadget Rescue telephone service does not get good reviews.
3) . The detection of malware by ISPs and others usually involves checking for specific types of suspicious traffic coming from or being sent to your network. That means it is likely that they are seeing evidence that something on your network may be compromised rather than seeing that the malware itself has been installed. From what I have seen DLTminer does seem to focus on Microsoft Exchange servers so if you are not using Exchange it is possible that this is a false positive
I hope that's helpful.
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
Welcome to our Community and thanks so much for your first post - I was sorry to understand that this letter has given you cause for concern. Let me reassure you that these are not send to frighten you nor are they a scam. They are sent to advise of activity that has been detected on your IP; we are made aware of these issues via the third parties for port scanning activity. They are not able to see what device the possible infection has come from; just the IP address associated with it.
All information we have will be listed on the letter we have sent. These are sent via both email and post. We sent via both methods to ensure that the notification is received - I can only apologise that you have not had the email in question. I would advise checking your spam/junk folder or confirm your contact email address via your online account
We have a dedicated webpage that explains the malware in more detail - I have linked it below for you but I believe you have posted the same link in your post