News Security

Virgin Media Warns Customers Of SpyEye Infection

Virgin Media has cooperated with SOCA to identify broadband customers who are infected by SpyEye

Virgin Media has sent letters to about 1,500 of its broadband customers warning that their systems are infected by the SpyEye Trojan, which steals banking data.

The letters follow on from an investigation by the Serious Organised Crime Agency (SOCA) which uncovered IP addresses of infected systems. SOCA handed the IP addresses over to Virgin Media which identified a number of its customers among those affected.

Serious risk

Virgin Media previously used written notifications to alert users to the risk posed by the Zeus Trojan last year.

In the letters Virgin Media emphasised the seriousness of the risk from SpyEye and urged customers to update their security software. Customers also have the option of signing up for a help service, using which Virgin Media can remotely identify and eliminate problems.

Virgin Media said customers need increasingly more direct warning methods as the importance of broadband grows.

“Cyber crime is on the rise and the increasing sophistication of malware infections means that all Internet users could be at risk with devastating effects,” said Jon James, executive director of broadband at Virgin Media, in a statement.

SOCA said it isn’t enough for users to rely on service providers to help them.

“It is equally important for consumers to protect their finances and personal information by ensuring their computers are equipped with up-to-date security software,” said Lee Miles, SOCA’s head of cyber, in a statement.

Stealthy Trojan

SpyEye works in stealth mode, is invisible from the task manager and other user-mode applications, hides the files from the regular explorer searches, and also hides its registry keys. It can grab data entered in a web form and automates getting money from stolen credit cards.

In April British police arrested three alleged members of the SpyEye gang. Security researchers consider SpyEye, a banking Trojan that harvests victims’ personal credentials, the de facto successor to the Zeus Trojan.

Two of the men were charged on 8 April, but the third man was released on bail on the condition that he return for further questioning in August, police said. Pavel Cyganoc, a Lithuanian living in Birmingham, England, and Aldis Krummins, a Latvian living in Goole, England, were both charged with conspiracy to defraud and concealing the proceeds of crime.

Cyganoc was also charged with conspiracy to cause unauthorised modifications to computers, police said.

The Police Central e-Crime Unit, a specialised group within Scotland Yard, made the arrests “in connection with an international investigation into a group suspected of utilising malware to infect personal computers and retrieve private banking details”.

Along with the arrests, police also seized computer equipment and data. The investigation is still ongoing.

Last November researchers said the developers behind the Zeus and SpyEye Trojans had joined forces to create one major botnet, with sophisticated capabilities to attack user bank accounts.