BSNL malware warning email


Well-Known Member
Received the following email (also an SMS) a couple of days back:

Diwali Greetings
Dear Customer,

This message is sent to you from BSNL as advised by "Cyber Swachhata Kendra ", CERT-ln,Government of lndia. Your computer/ Modem is believed to be infected with malware/bot. Please re-configure the modems after giving the Hardware Reset, change the default access password and disable all the access. For more information and remedial measures visit website of Indian computer Emergency Response Team (CERT-l n) ". Please visit the site to get the instructions to configure the modem:

With Regards,
BSNL East Zone Datacentre

Note: This is a system generated mail. Please do not reply.

Email headers check out, and links are genuine and valid. So took the email seriously. Could not find anything suspicious at my end, so finally called up Customer Care. They told me to ignore the email if I wanted!!

Feeling blind-sided.


low risk profile
me too received this email that your pc is infected with malware. checked my pc for malware by the tool provided by their site. found no malware. wtf.


Well-Known Member
Yes, it is a wtf moment.

The official press release seems to indicate that users who have left their default BSNL modem password as 'admin' are affected. Mine is not a BSNL modem, nor is the password at default. They seem to have glossed over how password-change scripts could be run outside the intranet.

Another wtf moment was when, a couple of years back, they set the ADSL login password to be the same for everybody (the user name has a common pattern differing by your phone number). Mine was not that, but they reset it to be the same. I am certain that this will come back to bite someday. As things stand, you cannot change this password using the self-care website and need to visit your local BSNL office.

They have been under intrusion attacks, most of which we are unaware. One such example was port 22 blocking.


Well-Known Member
On an unrelated note, does anyone remember if this happened to them on 8th Aug, 2018...

On clicking a link on TJ, such as "New posts" a redirect would happen to to to to to to which would ask you to install Flash Player from their site. This did not recur the next day at TJ.


Similar threads