Virgin Media to warn malware-infected customers
Virgin Media subscribers whose computers are part of a botnet can expect a letter warning them to tighten up their security, under a new initiative based on data collected by independent malware trackers. The UK's third-largest ISP will match lists of compromised IP addresses collected by the Shadowserver Foundation, among …
...direct all traffic from a known infected machine to a sand box that only serves out one web page that prompts the user to download some clean up software, and only unlocks them back on the big bad worlds after they run the software and prove they are clean.
Even if they have more than one machine (eg a PS3 or an eggbox360) its all in lockdown till the spam node is taken down.
The least of which is the large increase in calls to the helldesk which will hinder those who do take security seriously from getting through with their support calls.
There may also be legal issues since the customer is paying for access to the Internet, not to a single web page. This may result in those lusers who dont bother patching/installing anti-virus etc getting a refund of their charges. This does not apply to those who send spam (either intentionally or unintentionally) since this is against the terms and conditions.
If you're clueful enough to take security seriously, then you shouldn't need to phone the helldesk unless someone with a JCB has dug through some cabling.
all they like for a refund, but they should have common courtesy to read the letter and clean up the computer instead.
Options:
1) send them a letter and give them limited internet use
2) send another letter if nothing was done to resolve it
3) Disconnect them completely to protect others from the spam and possible DOS attacks
Yep, there will be confused users. Make the web page simple enough and they will know why thats the only page they can access.
Stick on it a help phone number with a recorded message of how to fix things before they get to a human and job done. Users will most likely Google the number of their help desk when they need it so many won't know where to call anyway.
Put in your T&Cs that they must not send spam, be involved in dental of service attacks, etc (which I expect they all have already) no refunds required.
Will be a busy first week, but should sort out the majority within that first week.
ISP will be happy too. Less noise on their limited bandwith.
@ We are comprised of volunteer security professionals from around the world.
From their homepage.
I dealt with these guys years ago, now I'm not saying they do not know what they are talking about but I am saying that one of their originating guys works at the cold meat counter in tescos and was a right stuck up going nowhere little toss pot. Security professional he was not.
We met up with several of them on various IRC channels and they were a bunch of holier than thow juveniles, just not sure that Virgin Media really need to be dealing with people who are essentially kiddy hackers themselves.
You can be a script kiddy botnet hoarder or you can be a script kiddie botnet infiltrator, it's much and such the same with a similar buzz but one set of guys gets to pretend he is a better skrippie. Ohh I dono where I am going here but needless to say I thought they were a bunch of wankers. Nuff said.
How long have we been waiting for VM (and it's predecessors and other ISPs) to do this? And surprise-surprise it coincides with VM trying to extort another buck from it's customers - but that is just coincidence of course.
Oddly enough as a VM customer I've not received any communication about the introduction of these letters. The only thing we ever get (e-mail or snail-mail) goes along the lines: "You're our customer and you're GREAT! We LOVE you! We at VM are GREAT too! And to show how much we LOVE you we want you to pay us more money for <insert pointless service here>!" *yawn*
</cynicism>
"Oddly enough as a VM customer I've not received any communication about the introduction of these letters"
So you want them to send you a letter to tell you that they might send you a letter then?
They should disconnect them until the user has fixed the problem, certainly Time Warner in the US will disconnect machines infested with spam mailers.
Didn't think that through, did you? How are they meant to download a fix without access the internet?
they should open up the box and find the thing, then kick the shit out of it! When it is dead, take a pic of the carcass and snail mail it to VM.
Just a thort.
Whilst I've been thinking for a long time why no one bothers trying to contact the infected users when we can see the IP's of the zombies I quickly realised that:
a) The people most likely to be infected will also not be using their ISP provided email account if they are even aware of it.
b) If it does pick up, queue mass malware spam campaings purporting to be from Virgin about malware =p
Perhaps if Cable Modems had come with Firewalls from day one, cable companies would not be playing host to some of the largest spam bot-nets?! This initiative, whilst welcome from the rest of the Net users, is about 10 years late!
"The firm will also take the opportunity to plug its Digital Home Support service, a £6-per-month remote PC maintenance helpline, "for those who need a little bit more help". A quarter of callers have a malware infection, Virgin Media said."
They can't even keep their email system running for a full week without it falling over, so there is no way in this world they should be trusted to help anyone to sort a computer out! And they have the cheek to ask for £6 a month? Hahahahaha.
Virgin media should take care of providing a proper service first to its customers. In my experience Virgin Media is a proud contender to the "Worst ISP of the year" title.
This is just part of a dirty marketing campaign: come to Virgin, you'll get a crap service, but we protect you.
Been with VM for over 3 years now and in terms of service, they shit on BT an most of the rest of the competition. I can genuinely count the amount of downtime in those 3 years on one hand. Yes, their customer service can be shocking; it just depends which call centre you get connected too. Their retentions team are really good. My VM+ box was borked and they replaced it and upped my TV bundle to XL at no extra cost by way of an apology for the duration of my existing contract and the next one. The only real complaint I have is lack of IPv6 (faster if you can have it - fewer users) and lack of static IP, which may be deal breakers for some, but as everyone here knows, there are ways around the second one ;) .
This seems like a courteous, proportionate, useful response. I'm in shock.
I've been wanting to dump BT for ages; possibly it's time to give Virgin a try.
...it shouldn't be down to the ISP. The UK government should have already cracked down on this and forced this kind of move. As has been said, these people need to be cut off from the web if they want ad hoc internet access. If they can't be bothered (and why should they) to administer their own machines they should just get access to arsebook & iplayer & maybe one or two other services. They probably don't actually use anything else anyway, and certainly shouldn't be transmitting card details via http.
You appear to be ignoring one massive problem.
A lot of people have little or no knowledge of computer security. It's not so much that they can't be bothered to secure their computers, more that they don't know how to.
It's that group of people VM appear to be trying to help. Calling them lazy isn't going to help.
So now there's a new tactic to get malware onto PCs: pretend to be from an ISP threatening to cut you off unless you download our rescue package.
Dear Valued Customer,
It has come to our attention that your home computer(s) has malware installed. To fix this, just visit:
www.definitelynotsomedodgymalwaresite.ru
etc...
I for one, would never act on anything unrequested and unauthenticated that I receive through the post.
This already happens.. I've had one of these calls (but pretending to be from Microsoft).
...a law to prevent stupid, lazy and complacent people from owning a computer in the first place.
driving. Voting. Having kids.
Wasting oxygen....
"Yes, but also.a law to prevent them
driving. Voting. Having kids.
Wasting oxygen"
Dear Mr Pogles.
Have I got an ID Card scheme for you.
J. Smith
Former Home Secretary and MP (Ret).
for example I think it's stupid to look down on other people and assume yourself to be more worthy based on yours and their relative accumulation of information in specific fields of knowledge.
"Dear Mr Spa Stick,
It has come to our attention that you have been pwned (lol) by internet terrorists. Possibly acting on behalf of the cyber paedophile and drug smuggling group Anonymous, which we believe to be paid operatives of the Chinese government. As you may know, Anonymous has over 9000 hackers on steroids and are working round the clock to steal your internets.
As a concerned third party, we at Virgin Media have put together a comprehensive security regime that has been independently verified by Gordon Brown himself (the man who invented the internet). Simply follow these three rules and you will be 100% secure:
1. When you see a black cat, throw salt over your modem.
2. Consider buying Windows 7 (again if you already have it).
3. Reinstall your internets from the latest version of the AOL CD.
If you follow these simple rules and still feel the urge to pay us an extra £6 a month, we offer a fantastic new service with trained call center operators in Bangladesh who can tell you how to use your start menu and many other exciting computer science topics.
Yours Sincerely,
Virgin Media"
Finally, a legitimate use for ISP snooping/sniffing? Couldn't they just block people from downloading the junk in the first place?
I wonder if this came out of the same brainstorming session as the "I'm using private browsing to buy a present for my wife" Windows 7 advert...
"Well dear I was looking for a present for you. You see the intricate stitching on this model's lace underwear?".
*SMACK*
Years ago ntl were blocking compromised cable connections [PCs] and redirecting web page requests to an information and resource page.
I found this out on a Monday morning, after a friend had left his laptop plugged into my router overnight on the Saturday...
I've been with VM, ever since telewest. Although their Customer Service is lacking, severley, I've had very little problems with their ISP service. Although sending letters out to customers to tell them their PC is infected won't do that much, except extort money out of their custers
fix the poxy mail service thats got *another* outage.
Yes email, a nice simple, not complicated service but it's borked again...
Stop trying to introduce new features until they have fully fixed the mess that the last "best thing since slied bread" that was the outsourcing of emai to Google has created.
stopped using them for email five or six years ago largely because it was so chronically unreliable and they STILL haven't sorted it out???
The same outfor who were promoted by POPUP ADVERTS (You know, just like frikkin' malware) served up by AVG (you know, a company supposed to be PROECTING YOU FROM FRIKKIN' MALWARE)
Frikkin' retards.
Their spanking new DPI boxes that are being commissioned...
What makes you think we *need* an excuse to install DPI?
Signed
The Government.
"Dear Mr Spa Stick,
It has come to our attention that you have been pwned (lol) by internet terrorists. Possibly acting on behalf of the cyber paedophile and drug smuggling group Anonymous, which we believe to be paid operatives of the Chinese government. As you may know, Anonymous has over 9000 hackers on steroids and are working round the clock to steal your internets.
As a concerned third party, we at Virgin Media have put together a comprehensive security regime that has been independently verified by Gordon Brown himself (the man who invented the internet). Simply follow these three rules and you will be 100% secure:
1. When you see a black cat, throw salt over your modem.
2. Consider buying Windows 7 (again if you already have it).
3. Reinstall your internets from the latest version of the AOL CD.
If you follow these simple rules and still feel the urge to pay us an extra £6 a month, we offer a fantastic new service with trained call center operators in Bangladesh who can tell you how to use your start menu and many other exciting computer science topics.
Yours Sincerely,
Virgin Media"
absolutely fantastic, although it did seem to be missing the usual "Greetings in the name of our Lord Jesus Christ;" tag-line at the start.
This should have been done years ago and all major ISPs should do the same. I mean, you wouldn't have a comprimised PC on your network, would you?
. . . and how, exactly, do they determine which machine thats connected to that connection *has* the infection ??
Oh, thats right, home VM users don't get technical support if they connect more than one machine to the connection, therefore there can only be one machine attached, therefore there is only one place that needs fixed.
Bloody glad I ditched this shower. As others have said, they cant keep their basic services running, why introduce more ??
"Those with infected machines will be encouraged to download free security software to remove the malware and protect their connection in future. "
yeah right thats why I've just spent 2 days stripping and rebuilding a laptop as the user decided to use Virgin "free" (to heavy subscribers) antimalware/security suite.
Result: totally pwned laptop
Anyone considering using virgins offering should just use nothing, you'll get the same peace of mind
That being told there was something wrong with their machines, and that downloading some free software would fix it, is probably what got them infected* with malware in the first place!
*Cue someone physically mailing out loads of fake virgin letters, instructing people to go to a site and download something dodgy.
"Anyone considering using virgins offering should just use nothing, you'll get the same peace of mind"
Is that just some general advise from a right wing Christian fundamentalist group to which you belong or perhaps some kind of ancient druidic ritual for the scurging of the unclean?
But this does not go far enough. The sending of spam is abuse of the service agreement, and it makes no difference if it's deliberate or down to having an infected PC, IMHO. The letter should demand remedial action within 7 days, or termination of account. To allow for holidays etc. such letters to be sent Recorded Delivery.
As far as VM flogging additional services - why not? There is an identified need. Hands up the first ElReg reader who would refuse a £20 'drink' for fixing a problem.
Although this initailly appears a very good thing, they have ruined that by bundling it up with a subscription service. any letter saying "we think your pc may be infected" and "for £6/month we can clean your pc" is just going to get binned by the vast majority of people.
This sounds like a reasonable idea to me in theory, although the plug for their own Digital Home Support service could be construed as being a tad pushy. Anything that stems the deluge of spam from botnets is to be guardedly welcomed.
Sign up, sign up for The Register's weekly IT security newsletter - click here
