Virgin Media has announced that the Serious Organised Crime Agency has identified around 1,500 Virgin broadband customers as having computers infected with the infamous SpyEye trojan. As a result, this may be the time, says Trusteer, to consider a partial lockdown of these lines until the owner can prove their machines have been disinfected.
According to the in-browser security specialist, whilst the pro-active nature of the SOCA investigation into the Virgin users' systems may be viewed as invasive by some observers, there is a strong reason for all ISPs to work with law enforcement and security professionals in a similar way. In addition, says Amit Klein, Trusteer's chief technology officer, there is an equally strong case for blocking all traffic, and for HTTP traffic to display a message saying "your machine is infected, please contact Virgin ...."
"This would ensure that most of the affected users would be on the phone to the Virgin helpline in double-quick time. And it would also help to minimise the financial losses that these poor customers would experience if they had to wait until the ISP wrote to them – assuming they opened the letter, of course," he said. "The problem with simply writing letters to the affected line owners is that they may be landlords, and it is their tenants that need to be advised of the serious security problem," he went on to say.
Klein argues that an internet lockdown strategy would serve the dual purposes of alerting users on the broadband circuit that there were serious security problems, and so forcing them to call in, as well as helping to prevent further potential losses to cybercriminals as a result of the infections. Even if only one of the 1,500 SpyEye-infected users of Virgin's network were stopped from leaking their credentials to the cybercriminals, he says, the steps taken would have been worthwhile.
"Virgin's actions, as well as those of SOCA, are to be applauded. More than anything, this brings home to the UK's Internet-using community in the UK the sheer scale of the SpyEye infection problem," he said. "This is one strain of an infection on one single ISP's network. On this basis, we could be looking at potential trojan infections measuring well into five figures – or more – across the UK as a whole. To protect people from financial malware such as the SpyEye Trojan, I recommend installing browser security solutions, which are available for free from many of the UK banks," he added.