Over a thousand Virgin Media customers have been warned about being infected with the SpyEye Trojan.
According to a report by BBC News, the internet service provider has written to around 1,500 customers, offering them advice on how to clean their computers after they were found to be part of a botnet.
Virgin Media said that when it was investigating botnets, some customer's IP addresses were found by law enforcement. Advice on SpyEye infections from the Serious Organised Crime Agency (SOCA) has been passed on to customers.
A spokesperson from Virgin Media told SC Magazine that it does not do scanning but after working with security companies it detected that around 1,500 Virgin Media customers were infected with the SpyEye Trojan and were at risk of identity theft or fraudulent bank activity.
The spokesperson said: “SOCA gave us the IP addresses as they can look up who is infected and we let them know. We are taking a responsible approach that a lot of ISPs do not provide. Around a quarter of our customers had problems related to malware so something needed to be done about it, they may have had old software that came with their computer that had expired or did not update.”
Lee Miles, head of cyber at SOCA, said: “SOCA works with a range of private sector partners to help prevent cyber criminals from exploiting legitimate businesses and their customers. We welcome steps taken within industry to utilise the information and resources provided by law enforcement and raise awareness of online safety.
“It is equally important for consumers to help protect their finances and personal information by ensuring their computers are equipped with up-to-date security software. Complementing the practical advice and support Virgin Media provides to its customers, internet safety information is freely available at getsafeonline.org.”
The SpyEye Trojan collects personal and banking information in much the same way that Zeus does. RSA reported that SpyEye gained rapid momentum in 2010, as it was cheaper to create than Zeus, yet it was a sophisticated banker Trojan.
It said that one of its releases even introduced a ‘Kill Zeus' feature, designed to disable the Zeus Trojan's control over a machine infected with both Trojans. The number of SpyEye drop servers detected by RSA was increasingly growing, which meant that SpyEye had officially become the most significant rival to Zeus.
There were rumours at the end of last year that its botnet had merged with the Zeus Trojan botnet. Symantec said that the SpyEye toolkit is similar to Zeus in a lot of ways at it contains a builder module for creating the Trojan bot that is executable with a config file and a web control panel for command and control of a botnet.
Ed Rowley, senior product manager at M86 Security said that he welcomed the initiative by Virgin Media to alert customers
He said: “Most home internet users are unaware that they are infected and carry on banking online, thinking that they are protected by their anti-virus and firewall software.
“Virgin Media has taken a very important step in combating cyber crime by working with law enforcement to help warn and protect customers. Our only concern is how long it has been between customers getting infected, SOCA identifying their IP addresses and Virgin communicating this via snail mail.”
Nigel Hawthorn, VP of marketing for EMEA at Blue Coat, also welcomed Virgin Media's action but was concerned about notifying via post.
“Sending letters to customers rather than emails seems to be an odd response to such a serious situation that could see customers bank accounts compromised. With a malicious virus such as this, the user could be a victim at any time and the delay in sending and actioning a letter leaves them open to serious attack,” he said.