Airtel is alerting users about WannaCry Malware

[Sushubh]

the email landed in spam folder so not sure if it's from airtel.

 

[webie]

As long as domain is airtel.com , the email has to be from airtel.

 

[Sushubh]

things are a bit too complicated these days.

Phishing with Unicode Domains - Xudong Zheng

Load this in Firefox: xn--80ak6aa92e.com. Chrome seems to have fixed this issue.

 

[ganesh177]

even i got it in inbox, its from airtel

 

[amish]

I had received email from GOI as well as MTNL about wannacry.

Airtel seems to be late in alerting.

GOI and MTNL had alerted before attack was supposed to trigger.

 

[amish]

From GOI

From: MyGov <no-reply@sampark.gov.in>
Subject: Webcast: "Prevention of WannaCry Ransomware Threat - session by CERT-In"
Date: 14 May 2017

Dear friends,

It has been reported that a new ransomware named as "Wannacry" is spreading widely. Wannacry encrypts the files on infected Windows systems. This ransomware spreads by exploiting vulnerable Windows Systems. The Indian Computer Emergency Response Team has issued advisory regarding prevention of this threat.

In view of high damage potential of the ransomware a webcast has been arranged to create awareness among users/organisations.

The webcast on the topic "Prevention of WannaCry Ransomware Threat - session by CERT-In" will be broadcast on Prevention of WannaCry Ransomware Threat- Session by CERT-In(1) on 15th May 2017 at 11 AM

Please do tune in to the broadcast to learn more and protect yourself.

Team MyGov

From MTNL

From: MTNL Mumbai <helpdesk@mtnl.net.in>
Subject: Critical Alert regarding the Wannacry/ WannaCrypt Ransomware


Dear Valued Customer

It has been reported that a new ransomware named as "Wannacry" is spreading widely. Wannacry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. This exploit is named as ETERNALBLUE.

The ransomware called WannaCrypt or WannaCry encrypts the computer's hard disk drive and then spreads laterally between computers on the same LAN. The ransomware also spreads through malicious attachments to emails.

CERT-In (Community Emergency Response Team-India) has issued an advisory on its website today (CERTIn Advisory CIAD20170024 Wannacry/ WannaCrypt Ransomware: CRITICAL ALERT Original Issue Date: May 13, 2017) for detection and prevention of this ransomware. The same has also been published on the Cyber Swachhta Kendra website today Cyber Swachhta Kendra: Wannacry/ WannaCrypt Ransomware - CRITICAL ALERT.

In order to prevent infection, users and organizations are advised to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010.

Microsoft Security Bulletin MS17-010 - Critical


Thanking you,

MTNL Mail team.

 

---

[amish]

Load this in Firefox: xn--80ak6aa92e.com. Chrome seems to have fixed this issue.

Wow did not know this at all!! (Althought firefox shows capital "el" of Apple as "capital i")

Nonetheless firefox user must immediately go to about:config and set to network.IDN_show_punycode to true

That setting should be default in firefox instead of false as default.

 

[Karan]

Since this is about WannaCry, incase you have been infected or know someone who has been, you can try GitHub - gentilkiwi/wanakiwi: Automated wanadecrypt with key recovery if lucky as a solution.

 

[genie]

also got in spam folder......cert-in(.)org(.)in is a genuine website of CERT-In, a Govt of India organization.

 

[Nishant]

OT, I've been getting these emails regularly from the past few days. Initially they were landing in my Inbox but now goes straight to Spam.

 

[electronicsguy]

As long as domain is airtel.com , the email has to be from airtel.

This is patently false. domain checks were never required for email protocol. even DMARC is slowly being rolled out. read this: http://lifehacker.com/how-spammers-spoof-your-email-address-and-how-to-prote-1579478914