Virgin alerts infected customers Published duration 17 June 2011

image caption The spread of the SpyEye virus has been monitored by law enforcement agencies

About 1,500 customers of internet service provider Virgin Media have been warned that their PCs are infected with a malicious virus.

The targeted computers had fallen victim to the SpyEye trojan that steals log-ins for online bank accounts.

Virgin was alerted to the infections by the Serious Organised Crime Agency (SOCA).

Letters were sent to those affected, giving them advice on how to clean up their machines.

Virgin is understood to be the first UK ISP to give specific warnings about viruses based on SOCA's advice.

However, the UK Internet Service Providers Association said that it was not unusual for companies to contact customers as a result of information from other law enforcement bodies.

It is impossible, at this stage, to know how many other ISPs' customers are affected by SpyEye.

Early warning

Virgin company stressed that it had not been monitoring user activity, rather some of their customers' IP addresses were found by law enforcement while investigating criminal botnets.

"It's a small number compared to the four million customers we have," said a spokesman, "but regardless of that, because of the seriousness it's still important to communicate with our customers."

The letters stress the seriousness of the situation and urge customers to update their security software and scan their machine to find and remove the malicious program. Alternatively, customers can sign up for a help service that allows Virgin to remotely find and fix problems.

The spokesman added that the Virgin campaign started in August 2010 and since then it had sent letters to "several thousand" customers about a serious infection on their home computer.

"The category we are looking at are the ones that put our customers at most risk or the ones that will steal from them," he said.

SpyEye first appeared in early 2010 and has steadily gathered victims ever since. Some machines are infected via booby-trapped webpages or by tricking people into clicking on links that lead to the trojan being installed.