Maharashtra Telecom Circle,2nd floor, A wing, Admn bldg, BSNL Complex,Juhu road, Santacruz (west), Mumbai-54.: 022-26467544 Fax: 022-26600180.Email: [email protected]. CGMT/MH/BB/ Multiplay Phase-II/17-18/ Dated: - 22.09.2017
VERY IMPORTANT
To,All SSA Heads,Maharashtra Telecom Circle.BSNL.
Sub: - BOTNET infected Users in BSNL Network- Critical Alert.Ref: BSNL/BBNW/BG/P3/BOTNET/2017/05 dated: 01.08.2017
Kindly refer to BBNW letter cited above (enclosed), regarding BOTNET infected IPaddress in BSNL Network. Information and detials of infected systems are shared byIndian Computer Emergentcy response Team (CERT) , on daily basis with BSNL NOC atbangalore is informing these customers through mail and sms.
In this context to avoid possible security threats , SSAs are requested to approach theinfected customers and get their PCs clean of BOTNET virus by scanning their system andremoving the virus. (User list for Maharashtra Cirlcel is attached in annexure I, detailedexcel sheet uploaded separately) .
A free bot removel tool along with screen snapshots , suggested by CERT is enclosed atreference II.
It may also be noted that proper practice should be followed while installingModems/ONTs to avoid disruption of services .Verificatin on the accessibility andperformance status of the MODEM shall be carried out by the staff . Procedure is attachedin Annexure III.
In this regard SSAs are requiested to submit a daily report regarding number ofBNOTNET infected users cleaned by their team.
Support of all the officers and staff is required to ensure that the customers are safelybrowsing in our BSNL Network .
AGM (Broadband)Encl: A/a.
List of Infected User As on 20.9.17 (detailed Excel sheet enclosed)
SN SSA Name No of Infected Users
1 Ahmednagar 1122 Akola 243 Amravati 934 Aurangabad 855 Bhandara 426 Beed 417 Buldhana 478 Chandrapur 369 Dhue 7810 Gadchiroli 1311 Jalgaon 7612 Jalna 2113 Kalyan 6614 Kolhapur 19215 Latur 2916 Nagpur 15217 Nanded 7018 Nasik 20919 Osmanabad 2120 Panji 17121 Parbhani 1322 Raigad 3723 Pune 28524 Ratnagiri 5725 Sangli 8826 Satara 6727 Solapur 9528 Sindhudurg 4829 Wardha 2330 Yeotmal 21
TOTAL 2312
Go to the URL
Annexure-II
2) Click on Security Tools tab marked in red:
Click on the tab
3) Click on Download button shown in the image:
Click on the buttonBBBuButton
4) Scroll Down and Click on Download:
5) Right click on the Downloaded file to find the file folder:
Click on the Button
6) Go to the path and double click on file and Click Run:
Click on the Show folder
7) Now Check the “I Agree” Button and Click Next:
Click on the Run
Chech the “I Agree Box”
8) Click Next:
Click on Next
9) Select Full Scan and Click Next:
Click on Next
Select Full Scan
Click on Next
10) Scan will take few minutes to complete
Click on Finish
Annexure -III
Action required at Customer site for securing the modem:
1. Change the default username/password - This will make it nearly impossible for a hackerto get in
2. Disable remote administration - The router should be configurable only from the localnetwork or LAN. It should be done through intranet console access only.
3. Disable WAN ping reply to avoid detection - Configure the router to not reply to pingrequests from the WAN side (that is the internet).
4. Enable firewall in the modem
To ensure Security on Wi-fi Modem
Basic:a. Ensure that Wireless encryption is always turned ON.b. Turn off the Wireless portion if not used
Advanced:a. Change the default SSIDb. Change the default encryption keyc. Enable MAC Address Filteringd. Disable the broadcasting of the SSIDe. Enable Firewalls On Each Computer and the Wireless ADSL
modem/routerf. Disable SSH, Telnet services/Protocols.