UK ISP Writes To 1,500 Customers That Are Infected By SpyEye Trojan

Forum Moderators: IanTurner & engine

Message Too Old, No Replies

UK ISP Writes To 1,500 Customers That Are Infected By SpyEye Trojan

engine

9:50 am on Jun 17, 2011 (gmt 0)

UK ISP Writes To 1,500 Customers That Are Infected By SpyEye Trojan [bbc.co.uk]

About 1500 customers of internet service provider Virgin Media have been warned that their PCs are infected with a malicious virus.

The targeted customers had fallen victim to the SpyEye trojan that steals logins for online bank accounts.

Letters have been sent to those affected, giving them advice on how to clean up their computers.

Virgin is understood to be the first UK ISP to give specific warnings to customers about viruses on their PCs.

That's a good move, and I wish other ISPs would do that.

BeeDeeDubbleU

10:04 am on Jun 17, 2011 (gmt 0)

I am with Virgin Media and thankfully I did not get a letter.

(I loved this typo in the BBC article.)

Alternatively, customers can sign up for a help service that allows a Virgin to remotely find and fix problems.

Think I'll sign up :)

engine

10:34 am on Jun 17, 2011 (gmt 0)

The original title was bad enough.

g1smd

6:57 pm on Jun 17, 2011 (gmt 0)

I wonder how many people will ignore the letter when it turns up, or worse yet think that it itself is some kind of scam.

dstiles

10:55 pm on Jun 17, 2011 (gmt 0)

Presumably they are using Deep Packet Inspection to find infected machines. Technically this is illegal in UK and in many other countries. On the other hand, if they ONLY use it for this I'm in favour of it. Sadly, Virgin (and BT) were, a while ago, looking at using Phorm DPI to feed tailored adverts to their customers.

It's time someone killed virus-infected machines. One proposal was to kill bandwidth to the customer until the problem was fixed, allowing only a trickle bandwidth to allow AV-type downloads. I certainly wish someone would turn off the #*$!x botnets!

engine

5:19 pm on Jun 20, 2011 (gmt 0)

It may also be the urls that are being hit, or perhaps the volume of mail going through the smtp server, alerting the ISP of malware. I would have thought that the volume of mail going through the smtp server would be easy to identify.

Either way, I agree, there must be some kind of measure taken to shut down the PC until it has been disinfected. I don't know if the ISP should, or could, demand some kind of MOT (Ministry of Transport) test, a FoT test (Fit-to-Surf) for the infected computer. Most of the machines i've seen that appear to be infected with spyware/adware or worse have been cleaned up effectively. However, I do know of people that may be infected with some kind of trojan.

Those ignoring the final 'clean-it-up-or-else' message should have their ISP service limited to force them to do something. I know that seems draconian, but how else are you to get people to protect their systems!

dstiles

9:46 pm on Jun 20, 2011 (gmt 0)

Infected machines are not always used for spam. A lot are used in web site hacks attempts, dDos attacks, attempts to kill FBI etc.

Most people probably don't know when their computers are infected. First they think of it is when their broadband access goes slow and the man in the shop says, "Do you have a virus..."

I suppose another test could be an "open ports" one. Any computer with open ports on a broadband machine is at least a little suspect.

Having said that, I legitmately have web and mail ports open here... :)