Hello all,

I have had a strange telephone call from my ISP's abuse department. I started sweating quite badly, thinking they'd found all of my secrets!

Anyway, they told me there's a virus on one of my computers and it needs fixing. I have 20+ computers on my network, all of which I believed to be secure with the latest anti-virus definitions and regular scanning.

Can they really tell if there is such a problem?

Peter.

I suppose it depends if they've identified unusual traffic and it has the hall marks of being from one of your machines.
Simply, yes, I'd imagine they can.
I had a mate who worked for a small ISP over a decade ago. Sometimes we'd pick him up after work, and we'd go inside to the server rooms where he was based. He could, technically, watch what any of the connections that they served, was doing. I do recall seeing him watching someone's http traffic and checking out what they were viewing.
I'm far from a network guru though, but it sounds legit to me.

Yes, they can quite possibly tell.

If they were simply telling you to check your computers, then it may well be legit. I made a very similar call recently to a customer who was complaining of a slow connection. There was nothing wrong with her connection, but she was sending over 9000 emails a minute leaving her very little bandwidth for anything else.

However, if they ask you for any sort of information or try and sell you anything - be very dubious. I know you're sensible, but some people are quite easily scared into giving out passwords and such. That's quite a common scam.

"Can I ask you some security questions?"

"No - sod off and write me a letter!"

I am good at keeping my computers secure, so it came as a bit of a surprise. Unfortunately, I wasn't able to understand the foreign lady, but I don't believe she wanted account details or to sell me something.

Peter.

It is very easy to monitor the traffic flow.

What they probably have is a software monitor, which looks for know types of packets, or traffic on certain ports, which are usually an indicator for a specific virus.

Given the amount of data that passes through such a centre, it is unlikely they have the ability to actually read every packet you send or receive, but they can monitor them in real time for suspicious activity, which then gets flagged up for closer inspection...

If in doubt contact your ISP to determine whether they actually contacted you.

Is your ISP PlusNet, by any chance?

Reason I ask, is because a month or so ago I remember reading a post on PlusNet's forums from a customer of theirs that received an identical call to yours, turns out they weren't actually calling from the ISP but it was a scam to either get their ISP's account details (username and password etc) and to then "sell" them some anti-virus software. Of course, they were counting on them "paying" over the telephone so they could get their credit card details too.

One of PlusNet's staff posted saying that they don't call customers in this way, so it must be a scam - in any case, the customer was using a Mac so the chances of it being a virus were very slim indeed (at least at the moment).

My advice would be to be very suspicious of these types of call - if in doubt, call them back on the telephone numbers publicised on your ISP's web site. Ask them for proof of this "suspicious activity" before proceeding with buying any software from them.

I would have added that they could only be watching for spam. If your email client is sending lots of mail then that would ring alarm bells. They could have also found out from third parties who contacted the ISP to cut off the flow of spam.