PDA

View Full Version : 30M Virgin Media Virus Letter?


desi112
04-06-2011, 12:44
Hi Guys, was wondering if this is normal...
I got a letter today from Virgin it says
'we believe your pc may be infected with a virus, we have recently received a report from Law Enforcement that suggests that a computer on your network may have been infected.....'

Virus Detected: SpyEye Trojan
Date and time: 18/2/2011 / 7:45pm (FEB!)

Then it gives further advise abotu how to remove it....
I know I had a virus before that tried to steal my halifax banking information But I managed to get rid of this..
Ofcourse I will be running a full Antivirus check on all my systems.

Just wondering if anyone else has had any of these?

Neo-Tech
04-06-2011, 12:50
I don't think Virgin have ever sent out a letter about viruses before.

Could you get a scan of it? (Hiding your personal details of course.) :)

Kymmy
04-06-2011, 13:03
It's a fake... VM woudn't use an American term like "Law enforcment" does it have a link to your account?? If so then you'll probably find that the URL goes elsewhere to a fake page.

desi112
04-06-2011, 13:08
It was a letter (hardcopy) sent to me with my virgin details uploading. The letter is below


http://imageshack.us/photo/my-images/94/scansdt.jpg

Like I said I did have a virus on my machine back in Feb I think and I noticed it when I signed into my halifax online account. Got rid of it ages ago but still scanning every machine currently with
Malwarebytes and Avast

Sirius
04-06-2011, 13:16
Pretty certain this IS real. Saw a story on our intranet last week about them being sent. Someone even pulled the usage of the wording Law enforcement

Chrysalis
04-06-2011, 13:18
Seems an odd way to deal with it by sending letter, I would expect isp to suspend your account and then ring you up to help you in cleaning the infection before reinstating the account.

Kymmy
04-06-2011, 13:18
Sorry I thought you meant an email.. :blush:

Install Spybot S&D and also Malwarebytes do a full scan on both and that should find and cure the issue..

Sirius
04-06-2011, 13:20
Seems an odd way to deal with it by sending letter, I would expect isp to suspend your account and then ring you up to help you in cleaning the infection before reinstating the account.

Better than them doing nothing at all?

Ben B
04-06-2011, 13:21
How would they know this though would it be traffic on the internet connection because surely they're not allowed to tap into peoples computers?

Welshchris
04-06-2011, 13:22
a friend of mine had a letter similar to this years ago claiming that something on his webspace was infected with a virus even though he had left Virgin and could no longer gain access to the webspace. It took him ages to get them to sort it and delete what was on there which should have been done when he left. So yes they do send out letters but strange how it claims that Law Enforcement suggests it.

Skie
04-06-2011, 13:29
Yeah the "Law Enforcement" bit does seem odd.

But Telewest/Blueyonder used to do this occasionally if they noticed typical botnet traffic coming from a customers ip (usually on a port that was well used by whatever virus was doing the rounds). They would even sometimes suspend your connection until you told them it had been sorted. Rare, but it did happen.

Chrysalis
04-06-2011, 14:14
they can know because many trojans have a bot that connects to a irc channel, so if a botnet has been discovered then they may have collated a list of infected ip's.

Neo-Tech
04-06-2011, 14:27
Hmm yeah, but what if your IP has changed? This is over 4 months old, and their IP could have changed since and someone else might have it?

I know VM IPs can change like BT's without a reboot, happened to a friend of mine who got moved to a different port but his modem didn't restart or say anything in the modem logs.

Chrysalis
04-06-2011, 14:34
yes it could well be sent to the wrong person and especially if its old, that would depend on if VM have accurate records of past IP usage history.

Welshchris
04-06-2011, 14:38
i just put the number in on that letter to google expecting to find atleast one reference to it somewhere and NOTHING. I find it weird that they say they can remotely access of ur system and help clean a virus. Usually companies dont like to get involved in such things so directly incase of data loss which u may blame them for.

Sirius
04-06-2011, 14:39
yes it could well be sent to the wrong person and especially if its old, that would depend on if VM have accurate records of past IP usage history.

Pretty certain they do. I think its a legal requirement

How do you think they can give the details of a customer to the court if the court request it should that customer have been identified as having been file sharing ?

You really are trying your damndest to find as much fault with this as you can aren't you.

Chrysalis
04-06-2011, 14:44
I would assume they are recorded.

Peter_
04-06-2011, 16:17
i just put the number in on that letter to google expecting to find atleast one reference to it somewhere and NOTHING. I find it weird that they say they can remotely access of ur system and help clean a virus. Usually companies dont like to get involved in such things so directly incase of data loss which u may blame them for.
Are you the only person who has not heard of Digital Home Support.

http://help.virginmedia.com/system/selfservice.controller?CONFIGURATION=1002&PARTITION_ID=1&TIMEZONE_OFFSET=&USERTYPE=&VM_CUSTOMER_TYPE=Cable&CMD=VIEW_ARTICLE&ARTICLE_ID=195442

Our free support is there to help you with the services and products you get directly from Virgin Media.
It doesn’t include help with the digital stuff you bought yourself and isn’t supplied by Virgin Media such as your own computer or your own (non Virgin Media) wireless router.
This is where Virgin Media Digital Home Support comes in. Digital Home Support offers 24-hour care for you, your computer and your digital gadgets. If you have a question or a crisis, morning, noon or night, our Tech Experts are on hand to help.

Kymmy
04-06-2011, 17:04
Image in post #4 reduced to link due to it being oversized please reduce in size if you want to re-instate as a picture

Welshchris
04-06-2011, 21:16
Are you the only person who has not heard of Digital Home Support.

http://help.virginmedia.com/system/selfservice.controller?CONFIGURATION=1002&PARTITION_ID=1&TIMEZONE_OFFSET=&USERTYPE=&VM_CUSTOMER_TYPE=Cable&CMD=VIEW_ARTICLE&ARTICLE_ID=195442

Possible because i would rather put my computer in the hands of PC World before i would with Virgin ;)

Sirius
04-06-2011, 21:29
Possible because i would rather put my computer in the hands of PC World before i would with Virgin ;)

That would be your choice. PC world is at the bottom of my list of companies to trust and have a similar position as BT,Centrica and any union.

Peter_
04-06-2011, 23:42
Possible because i would rather put my computer in the hands of PC World before i would with Virgin ;)
They doing remote access and will stay on the phone for as long as it takes and they are all computer guys who do not have a script as oddly enough you cannot fix a computer from a script, also it is a company called Radialpoint (http://www.radialpoint.com/en/home/index.php)providing the service for Virginmedia with a much better reputation than the bottom feeding guys from PC World called the Tech Guys.

pip08456
04-06-2011, 23:45
Sorry I thought you meant an email.. :blush:

Install Spybot S&D and also Malwarebytes do a full scan on both and that should find and cure the issue..

Good advice Kymmy.

You could always do an online scan with Housecall (http://housecall.trendmicro.com/uk/) as well.

Nopanic
04-06-2011, 23:54
Seems an odd way to deal with it by sending letter, I would expect isp to suspend your account and then ring you up to help you in cleaning the infection before reinstating the account.

I would expect a lock down too .. but they can't do cold calling, DPA restrictions ..

Hmm yeah, but what if your IP has changed? This is over 4 months old, and their IP could have changed since and someone else might have it?

I know VM IPs can change like BT's without a reboot, happened to a friend of mine who got moved to a different port but his modem didn't restart or say anything in the modem logs.

Pretty certain they do. I think its a legal requirement

How do you think they can give the details of a customer to the court if the court request it should that customer have been identified as having been file sharing ?

You really are trying your damndest to find as much fault with this as you can aren't you.

VM do, they have to keep them for a certain amount of time by Law and for some odd reason that amount of time is very restricted information .. I had to agree to some weird things before I was told .. one of which is to never kick a cat ..

Skie
05-06-2011, 00:23
I would expect a lock down too .. but they can't do cold calling, DPA restrictions ..


DPA dosent stop a company contacting its own customers. Banks call their customers all the time to check transactions (and try and sell bleeding products..)

Nopanic
05-06-2011, 00:25
DPA dosent stop a company contacting its own customers. Banks call their customers all the time to check transactions (and try and sell bleeding products..)

For some reason around DPA, VM do not allow for cold calling of customers around faults or account issues.

If for example I were to find an account sending spam email, I would lock the mailbox, note the account and wait for them to call. To be perfectly honest I've never thought to question it, it's been like that since back when I was taking calls ..

Peter_
05-06-2011, 00:26
DPA dosent stop a company contacting its own customers. Banks call their customers all the time to check transactions (and try and sell bleeding products..)
That is rather different to what we are allowed to do under the regulations as a telecommunications company.

pip08456
05-06-2011, 00:33
For some reason around DPA, VM do not allow for cold calling of customers around faults or account issues.

If for example I were to find an account sending spam email, I would lock the mailbox, note the account and wait for them to call. To be perfectly honest I've never thought to question it, it's been like that since back when I was taking calls ..

Never stopped VM calling me about account issues when I was with.

I just used to ask them for the 3rd letter of my password to authenticate them. When they refused due to DPA I politely told them I would not talk to them.

DPA works both ways!

Welshchris
05-06-2011, 00:35
They doing remote access and will stay on the phone for as long as it takes and they are all computer guys who do not have a script as oddly enough you cannot fix a computer from a script, also it is a company called Radialpoint (http://www.radialpoint.com/en/home/index.php)providing the service for Virginmedia with a much better reputation than the bottom feeding guys from PC World called the Tech Guys.

atleast the "Bottom feeding guys from PC World" u dont have a language barrier with in understanding and dont always end up with the same thing "ITS YOUR PC THATS THE FAULT!"

Nopanic
05-06-2011, 00:36
Never stopped VM calling me about account issues when I was with.

I just used to ask them for the 3rd letter of my password to authenticate them. When they refused due to DPA I politely told them I would not talk to them.

DPA works both ways!

Did you call them first ? they can call you back ..

atleast the "Bottom feeding guys from PC World" u dont have a language barrier with in understanding and dont always end up with the same thing "ITS YOUR PC THATS THE FAULT!"

Once you explain to the guys at PC world what a PC is and that you want it fixing not replacing with some boated POS .. :td:

pip08456
05-06-2011, 00:37
Did you call them first ? they can call you back ..




No!

Peter_
05-06-2011, 00:40
atleast the "Bottom feeding guys from PC World" u dont have a language barrier with in understanding and dont always end up with the same thing "ITS YOUR PC THATS THE FAULT!"
Did you click the link as they are either from Airdrie or Texas, even the old PC Help service was based in Scotland.

Also how can a computer help service and have them blame your computer when that is the reason you are calling them in the first place.


Somehow Chris i think you are talking about offshore technical support not a out off support scope computer help centre which is completely different and staffed by computer geeks.

Skie
05-06-2011, 01:10
VM do, they have to keep them for a certain amount of time by Law and for some odd reason that amount of time is very restricted information .. I had to agree to some weird things before I was told .. one of which is to never kick a cat ..

If its the retentions period in the 2009 regs then it is 12 months. I know there are proposals to extend it (well, Labour were pushing for it) and knowing how convoluted our legal system is there are probably past laws that have their own time periods defined. I think the secrecy thing you are referring to is the actual warrants/interception orders. Spilling the beans about these = 5 years in jail.

---------- Post added 05-06-2011 at 00:10 ---------- Previous post was 04-06-2011 at 23:48 ----------

That is rather different to what we are allowed to do under the regulations as a telecommunications company.

The act makes no distinctions for sector other than a few narrow exceptions.

Phoning someone, asking if it is mr blah blah and then explaining that their interweb will be suspended because VM suspect they have a virus/trojan/open proxy does not reveal any details that the DPA covers.

I suspect VM are just being overly cautious. There was a time they used to cold-call you and simply ask you for your account password, but would not explain why they were calling until you gave them the password. Which was bizarre and got them nowhere as it sounds very much like a scam. The newsgroups used to be full of people worrying about these sort of calls.

Chrysalis
05-06-2011, 01:19
Even with DPA considerations it is surprising he isnt cutoff, its considered good internet equituette for providers to suspend accounts that have malware or spreading malware.

Nopanic
05-06-2011, 11:55
No!

odd.. there are not teams that pro actively call customers over account issues that I know of ..

If its the retentions period in the 2009 regs then it is 12 months. I know there are proposals to extend it (well, Labour were pushing for it) and knowing how convoluted our legal system is there are probably past laws that have their own time periods defined. I think the secrecy thing you are referring to is the actual warrants/interception orders. Spilling the beans about these = 5 years in jail.

---------- Post added 05-06-2011 at 00:10 ---------- Previous post was 04-06-2011 at 23:48 ----------



The act makes no distinctions for sector other than a few narrow exceptions.

Phoning someone, asking if it is mr blah blah and then explaining that their interweb will be suspended because VM suspect they have a virus/trojan/open proxy does not reveal any details that the DPA covers.

I suspect VM are just being overly cautious. There was a time they used to cold-call you and simply ask you for your account password, but would not explain why they were calling until you gave them the password. Which was bizarre and got them nowhere as it sounds very much like a scam. The newsgroups used to be full of people worrying about these sort of calls.

No, the amount of time is restricted. As for calling, if you call a customer and tell them they have been cut off you are breaking DPA, you are giving out information about an account.

Our agents can not tell a customer what level of service they are on without confirming DPA with them.. and calling someone up there is no safe way to do it without providing protected data as proof they are VM ..

I'm sure some departments are able to, but faults isnt one of them.
Even with DPA considerations it is surprising he isnt cutoff, its considered good internet equituette for providers to suspend accounts that have malware or spreading malware.

I agree, very odd.

Skie
05-06-2011, 17:01
I'm sure some departments are able to, but faults isnt one of them.


Then its not DPA but VM policy being masqueraded as DPA. Telling someone their service level is not revealing personal information.

Nopanic
05-06-2011, 17:19
Then its not DPA but VM policy being masqueraded as DPA. Telling someone their service level is not revealing personal information.

Yes it is, telling someone what they pay for is giving details about their bill,

As service level is a person piece of information held by VM about a customer.

I don't know how or if it's done by other departments, maybe a call to say they need them to call in .. but either way, giving out a service level is like a bank giving out a balance .. its personal data and its protected by the law.

apcyberax
07-06-2011, 13:57
i hvae had one of them. i spent alot of time doing dns lookups on alot of ips. vm sent me a letter thinking it was a port scan. so yes they happen

qasdfdsaq
08-06-2011, 22:12
What's the difference between calling someone and revealing personal information verses sending them a letter, email, or text message with the same information?

The customer's consented to their personal details being sent to the address/email/telephone number when they signed up. You don't check DPA when posting their bill via letter, email, or text, so how is a phone call any different?

I'd agree that this is a silly VM policy being masqueraded as DPA, as it makes no sense under the law and other companies (in the same sector and otherwise) do no such issues with calling their customers.

Nopanic
09-06-2011, 09:25
What's the difference between calling someone and revealing personal information verses sending them a letter, email, or text message with the same information?

The customer's consented to their personal details being sent to the address/email/telephone number when they signed up. You don't check DPA when posting their bill via letter, email, or text, so how is a phone call any different?

I'd agree that this is a silly VM policy being masqueraded as DPA, as it makes no sense under the law and other companies (in the same sector and otherwise) do no such issues with calling their customers.

Sending a letter is protected by mail laws, you open someone else's letters and you break the law.

Personal details sent by text ? from faults ? like what ?

---------- Post added at 08:25 ---------- Previous post was at 07:53 ----------

I've just been thinking about this and it would be the same people complaining if VM had called them asking for account details .. saying this isn't very safe.

Basically VM are being extra careful with your details and you're moaning.. lol ..

qasdfdsaq
10-06-2011, 19:23
Not referring to faults specifically, but to account related information. You say that mentioning a fault on someone's line is revealing sufficient information about them to break DPA rules, yet sending summaries of people's bills by text message does the same thing and several mobile companies do that. You can also phone up customer services and get automated information about your bill, service level, tariff, and usage without passing any security checks with virtually all telecoms providers, so it most certainly isn't an issue.

Also if you open someone else's emails, you break the law too, and protected information is also frequently sent by email.

So at the end of the day if my bank, phone company, and other ISPs can phone, email, text, or write letters to me proactively when there's a problem with my account, service, or details, clearly this "DPA law" that prevents VM from doing it is either a law that only applies to VM, or more likely gibberish made up by VM.

Maggy
10-06-2011, 21:07
I remember summat from the NTL days about a walled off 'garden' for infected PCs.Don't they do that anymore?:erm:

BenMcr
16-06-2011, 10:55
This should explain it all ;)

http://pressoffice.virginmedia.com/phoenix.zhtml?c=205406&p=irol-newsArticle&ID=1574450&highlight

Kymmy
17-06-2011, 17:05
http://www.bbc.co.uk/news/technology-13798122

Failswitch
17-06-2011, 19:06
So it was a SOCA tip off on SpyEye infected machines as opposed to some suggesting Microsoft tipping off VM with the data gathered from their Rustock bust.

Virgin should give these people a few weeks to clean up their act and then kick repeat offenders off the network.

Toto
17-06-2011, 22:22
No other ISP has gone to press over this, not a bad response from VM so far.

Not sure about knocking these people offline though. VM are treating those infected as victims, it would be a PR disaster if they just suspended a thousand accounts, and a feeding frenzy on this forum. :D:

Peter_
17-06-2011, 22:24
No other ISP has gone to press over this, not a bad response from VM so far.

Not sure about knocking these people offline though. VM are treating those infected as victims, it would be a PR disaster if they just suspended a thousand accounts, and a feeding frenzy on this forum. :D:
Better to disconnect them rather than have them continue to infect or spam others I would have thought.;)

muppetman11
17-06-2011, 23:01
http://www.computeractive.co.uk/ca/news/2079890/virgin-alerts-customers-infected-spyeye-trojan

Milambar
17-06-2011, 23:22
Better to disconnect them rather than have them continue to infect or spam others I would have thought.;)

Not IMHO.

Better to give them a restricted connection, one that allows them access to virus checker websites to download a virus checker, and nothing else.

Nopanic
17-06-2011, 23:24
http://www.which.co.uk/news/2011/06/virgin-media-warns-users-of-spyeye-trojan-attack-256489/