A client received 3 similar emails from Rogers claiming a device in their house had a "Gumblar family botnet drone" that was "interferring" with the Rogers network, and just had their internet service unceremoniously shut off.
We called Rogers directly and they verified the emails and warnings about terminating service were legitimate... however, the actual detection of a botnet seems (in our case) like it might be misidentified traffic, or misattributing it to the client's devices or account - we've double checked all of our devices and found no issues:
The first email came 3 weeks ago, and since then we have completely erased and clean-installed 2 iMacs, 2 iPhones, an iPad, Apple TV, a Time Capsule and even a Brother printer. We have used Sophos, Bitdefender and Malwarebytes to scan everything, with no problems found. There are no cameras or "smart" devices at all. We even reset the Rogers modem itself, changed Wi-Fi passwords in case it was a neighbour hijacking Wi-Fi. We did literally everything we could to reset everything.
Last night we turned EVERY device off, turned Wi-Fi off, and just left the Rogers modem on overnight by itself - to prove that IF there was malicious traffic it was not coming from us. Sure enough, Rogers shut off service overnight, claiming there was a Gumblar family botnet drone.
I called Level 2 Support, and they admitted they use an unnamed 3rd party security company, who does random scanning of client modems, and if they detect a problem, an automated system sends 3 "courtesy emails", then a phone call, then they just shut it off.
This suggests there is a larger problem - if the 3rd party security company is reporting malicious traffic from a client, but there are NO devices on at the client's modem, then either their scanning isn't accurate, or they are being duped. Either way, bad.
Today Rogers is replacing the modem itself, and we have Bell on speed dial to install Fiber Optic internet tomorrow if Rogers can't figure out THEIR problem. I've heard of this behaviour before from Rogers, but I've never heard of it from Bell (so far). I will report back the results.