BSNL malware warning email

yusi

Well-Known Member
#1
Received the following email (also an SMS) a couple of days back:

Diwali Greetings
Dear Customer,


This message is sent to you from BSNL as advised by "Cyber Swachhata Kendra", CERT-In, Government of India. Your computer/modem is believed to be infected with malware/bot. Please re-configure the modems after giving the Hardware Reset, change the default access password and disable all the access. For more information and remedial measures visit the website of the Indian Computer Emergency Response Team (CERT-In): www.cyberswachhtakendra.gov.in. Please visit the site to get the instructions to configure the modem: http://bbnwintranet.bsnl.co.in

With Regards,
BSNL East Zone Datacentre


Note: This is a system generated mail. Please do not reply.


Email headers check out, and links are genuine and valid. So I took the email seriously. Could not find anything suspicious at my end, so finally called up Customer Care. They told me to ignore the email if I wanted!!

Feeling blind-sided.
 

TraderRavi

low risk profile
#2
I too received this email saying that my PC is infected with malware. Checked my PC for malware with the tool provided on their site. Found no malware. wtf.
 

yusi

Well-Known Member
#3
Yes, it is a wtf moment.

The official press release seems to indicate that users who have left their default BSNL modem password as 'admin' are affected. Mine is not a BSNL modem, nor is the password at default. They seem to have glossed over how password-change scripts could be run outside the intranet.

Another wtf moment was when, a couple of years back, they set the ADSL login password to be the same for everybody (the user name has a common pattern differing by your phone number). Mine was not that, but they reset it to be the same. I am certain that this will come back to bite someday. As things stand, you cannot change this password using the self-care website and need to visit your local BSNL office.

They have been under intrusion attacks, most of which we are unaware of. One such example was port 22 blocking.
 

yusi

Well-Known Member
#4
On an unrelated note, does anyone remember if this happened to them on 8th Aug, 2018...

On clicking a link on TJ, such as "New posts" a redirect would happen to 1bcde.com to reacherinst.com to fixerinst.com to api.statxyz.com to api.dynxyz.com to cdn.provessoftware.review which would ask you to install Flash Player from their site. This did not recur the next day at TJ.
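A defender-side illustration of the redirect chain described above, added here as an example and not code from this thread: it rebuilds per-client redirect chains from proxy log lines and flags chains that cross several unrelated sites and end at a "Flash Player" installer download. The log format, the domains (all under .invalid / .example) and the site threshold are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed proxy-log sample: "timestamp client status url location" ("-" = none).
# Domains are invented (.invalid/.example) and only mimic the multi-hop chain above.
SAMPLE_LOG = """\
2018-08-08T10:00:01 10.0.0.5 302 http://forum.example/whats-new/ http://1bcde.invalid/r
2018-08-08T10:00:02 10.0.0.5 302 http://1bcde.invalid/r http://reacherinst.invalid/go
2018-08-08T10:00:02 10.0.0.5 302 http://reacherinst.invalid/go http://api.statxyz.invalid/x
2018-08-08T10:00:03 10.0.0.5 302 http://api.statxyz.invalid/x http://cdn.lure.invalid/FlashPlayer_update.exe
2018-08-08T10:00:03 10.0.0.5 200 http://cdn.lure.invalid/FlashPlayer_update.exe -
2018-08-08T10:00:05 10.0.0.7 301 http://shop.example/ https://shop.example/
2018-08-08T10:00:05 10.0.0.7 200 https://shop.example/ -
2018-08-08T10:00:06 10.0.0.5 200 http://forum.example/threads/123/ -
"""

# Final URL that looks like a fake Flash Player installer or a bare executable download.
LURE = re.compile(r"flash.*player|\.exe$", re.I)

def site(url):
    """Naive registrable-domain approximation (last two labels; no public-suffix list)."""
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def parse(log):
    rows = []
    for line in log.splitlines():
        ts, client, status, url, loc = line.split()
        rows.append((ts, client, int(status), url, None if loc == "-" else loc))
    return rows

def redirect_chains(rows, min_sites=3):
    """Rebuild per-client chains by matching each request to an earlier Location header;
    report chains that span >= min_sites distinct sites and end at a lure URL."""
    findings, pending = [], {}  # pending[client][expected_url] = chain so far
    for ts, client, status, url, loc in rows:
        chains = pending.setdefault(client, {})
        chain = chains.pop(url, [url])  # continue a chain if url was a redirect target
        if 300 <= status < 400 and loc:
            chains[loc] = chain + [loc]
            continue
        sites = {site(u) for u in chain}
        if len(sites) >= min_sites and LURE.search(chain[-1]):
            findings.append({"client": client, "hops": len(chain) - 1,
                             "sites": len(sites), "final": chain[-1]})
    return findings

if __name__ == "__main__":
    for f in redirect_chains(parse(SAMPLE_LOG)):
        print(f"{f['client']}: {f['hops']} hops across {f['sites']} sites -> {f['final']}")
```

The benign single-site redirect (http to https on shop.example) is deliberately left unflagged, which is the distinction a proxy alert on "many hops" alone would miss.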

 
