virgin-media-logo

Virgin Media Warns Customers Of SpyEye Infection

Virgin Media has cooperated with SOCA to identify broadband customers who are infected by SpyEye

On by Matthew Broersma 2

Virgin Media has sent letters to about 1,500 of its broadband customers warning that their systems are infected by the SpyEye Trojan, which steals banking data.

The letters follow on from an investigation by the Serious Organised Crime Agency (SOCA) which uncovered IP addresses of infected systems. SOCA handed the IP addresses over to Virgin Media which identified a number of its customers among those affected.

Serious risk

Virgin Media previously used written notifications to alert users to the risk posed by the Zeus Trojan last year.

In the letters Virgin Media emphasised the seriousness of the risk from SpyEye and urged customers to update their security software. Customers also have the option of signing up for a help service, using which Virgin Media can remotely identify and eliminate problems.

Virgin Media said customers need increasingly more direct warning methods as the importance of broadband grows.

“Cyber crime is on the rise and the increasing sophistication of malware infections means that all Internet users could be at risk with devastating effects,” said Jon James, executive director of broadband at Virgin Media, in a statement.

SOCA said it isn’t enough for users to rely on service providers to help them.

“It is equally important for consumers to protect their finances and personal information by ensuring their computers are equipped with up-to-date security software,” said Lee Miles, SOCA’s head of cyber, in a statement.

Stealthy Trojan

SpyEye works in stealth mode, is invisible from the task manager and other user-mode applications, hides the files from the regular explorer searches, and also hides its registry keys. It can grab data entered in a web form and automates getting money from stolen credit cards.

In April British police arrested three alleged members of the SpyEye gang. Security researchers consider SpyEye, a banking Trojan that harvests victims’ personal credentials, the de facto successor to the Zeus Trojan.

Two of the men were charged on 8 April, but the third man was released on bail on the condition that he return for further questioning in August, police said. Pavel Cyganoc, a Lithuanian living in Birmingham, England, and Aldis Krummins, a Latvian living in Goole, England, were both charged with conspiracy to defraud and concealing the proceeds of crime.

Cyganoc was also charged with conspiracy to cause unauthorised modifications to computers, police said.

The Police Central e-Crime Unit, a specialised group within Scotland Yard, made the arrests “in connection with an international investigation into a group suspected of utilising malware to infect personal computers and retrieve private banking details”.

Along with the arrests, police also seized computer equipment and data. The investigation is still ongoing.

Last November researchers said the developers behind the Zeus and SpyEye Trojans had joined forces to create one major botnet, with sophisticated capabilities to attack user bank accounts.

Matthew Broersma
Author: Matthew Broersma
TechWeek Freelance
Matthew Broersma
Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment




2 replies to Virgin Media Warns Customers Of SpyEye Infection

  • On June 17, 2011 at 1:00 pm by JohnD

    Whatever happened to the old “fair cop gov, you’ve got me bang to rights” English criminal?

  • On June 17, 2011 at 3:02 pm by Peter Judge

    Comment sent from Nigel Hawthorn, Blue Coat Systems:

    “It is pleasing to see that Virgin Media is taking action and proactively notifying their customers of Virus’s on their PC’s, but interesting to note the means in which they did so. Sending letters to customers rather than emails seems to be an odd response to such a serious situation that could see customers bank accounts compromised. With a malicious virus such as this, the user could be a victim at any time and the delay in sending and actioning a letter leaves them open to serious attack.”

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>