Virgin media virus detection email.

I just received an email from Virgin Media internet security saying that one of my devices was detected as having a Ramnit infection by a non-profit they use. This seems fishy to me and a method of selling F-Secure. I'm at work so can't check anything till I get back. Should I be concerned?

I'm running Sophos Home (10) I think and Bitdefender (7)

cheers

Matt
 
if you have to ask....

Your ISP won't be scanning your PC for viruses, it's a phishing email
 
They won't be scanning his PC, but they are probably monitoring their network for accesses to known command and control servers.

If you look up W32.Ramnit you'll find this detail
https://www.symantec.com/security_response/writeup.jsp?docid=2010-011922-2056-99&tabid=2 said:
Command-and-control connections
The threat uses a domain generation algorithm (DGA) to generate a number of remote domains to connect to its C&C server. The threat is currently limited to creating 300 domains for each seed value of which one is hard coded into the threat.

The following are some example domains generated by the threat:
rmnzerobased.com
awecerybtuitbyatr.com
awrcaverybrstuktdybstr.com
qwevrbyitntbyjdtyhvsdtrhr.com
yeiolertxwerh.com
ytioghfdghvcfgbgvdf.com

i.e. If it's a legit e-mail, they are most likely suggesting that they have detected network activity on your connection to one of these known domains, therefore there's a likelihood that a device in your network is infected.
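
To find which device on the home network made such lookups (the ISP only sees the connection as a whole), a resolver's query log can be checked against the listed domains. This is an added example, not part of the original posts: it assumes the router or a local resolver logs queries in dnsmasq's `log-queries` format, and it uses only the six example domains quoted above, whereas the writeup says the DGA produces 300 per seed.

```python
import re
from collections import defaultdict

# Example domains quoted in the post above from the Symantec W32.Ramnit writeup.
KNOWN_C2 = {
    "rmnzerobased.com", "awecerybtuitbyatr.com", "awrcaverybrstuktdybstr.com",
    "qwevrbyitntbyjdtyhvsdtrhr.com", "yeiolertxwerh.com", "ytioghfdghvcfgbgvdf.com",
}

# Assumed dnsmasq line: "<timestamp> dnsmasq[pid]: query[TYPE] <name> from <client>"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>\w+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

def matches_known(name, known=KNOWN_C2):
    """Return the listed domain that name equals or is a subdomain of, else None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None

def find_suspect_clients(log_lines):
    """Map client IP -> list of (timestamp, queried name, matched domain)."""
    hits = defaultdict(list)
    for line in log_lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, forwards, cache hits, other daemons
        matched = matches_known(m["name"])
        if matched:
            hits[m["client"]].append((m["ts"], m["name"], matched))
    return dict(hits)

# Constructed sample log (not real traffic); all addresses are made up.
SAMPLE_LOG = """\
Mar  3 09:14:02 dnsmasq[812]: query[A] www.example.org from 192.168.0.12
Mar  3 09:14:02 dnsmasq[812]: forwarded www.example.org to 192.0.2.53
Mar  3 09:15:40 dnsmasq[812]: query[A] RMNZEROBASED.com. from 192.168.0.23
Mar  3 09:15:41 dnsmasq[812]: query[AAAA] cdn.yeiolertxwerh.com from 192.168.0.23
Mar  3 09:16:10 dnsmasq[812]: query[A] notrmnzerobased.com from 192.168.0.12
""".splitlines()

if __name__ == "__main__":
    for client, events in find_suspect_clients(SAMPLE_LOG).items():
        print(client, len(events), "lookups:", [e[2] for e in events])
```

Matching is done on whole labels, so a lookalike such as `notrmnzerobased.com` is not flagged, while case differences and a trailing dot are normalised.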
 
Simple thing to do is on the device with the possible virus do a malware scan and see if it detects anything.

That will answer if the e-mail is legit or not
 
Do you have a reference for poor Sophos detection rate? (does not seem to be corroborated here)
Was planning to move to it from Avira following recent thread.
 
Virus detection is best served by more than one scanner. But I always start with Malwarebytes.
I have removed the Met Police virus on a few machines with that (albeit from safe mode etc.), other virus software stood no chance against it.
 
from that URL, it performs the worst out of those real world tests.

also had the "pleasure" of dealing with it in an enterprise. wouldn't be my choice.
 
Thanks, although I had seen it performs 'worst', the quality of the analysis did not seem good
- inadequate explanation of what the tests were
- results from Sophos after modifying default settings nonetheless better than MS
- no suggestion that products are being used in an environment where user exhibits common sense and takes the precautions that I (probably wrongly) attribute to the average OC'er (eg blocking javascripts, not downloading arbitrary files); that said it is difficult to know to what kind of threats you are most susceptible.
- interestingly Malwarebytes was not included.

what is your Enterprise AV of choice ?
 
So I ran MS MRT, MBAM and ESET Online Scanner. While it flagged the things I suspected it would (Win Toolkit), there was no sign of Ramnit. I should probably rerun MBAM when I get home in safe mode, but apparently there were connection problems throughout the day on Friday that could've caused the alert because of sporadic connection dropouts.
 