ACCC questions Telstra's NBN deal; Crims bribe gaming employees to spread malware; USB drive risks

The Australian Competition and Consumer Commission (ACCC) has publicly expressed concern over “competition implications” arising from Telstra’s involvement in the rollout of the NBN.

The ACCC’s comments came on the same day that news broke that Telstra had signed a new $1.6 billion contract to link the NBN up to its existing hybrid-fibre-coaxial (HFC) footprint.

In its comments, the ACCC singled out that HFC agreement as a particular source of concern.

“While recognising that using Telstra’s technical expertise will contribute to a quicker rollout of the NBN, the ACCC remains concerned that competition issues arise from agreements that involve Telstra in the construction and maintenance of the NBN, including the HFC Delivery Agreement announced earlier today,” a statement from the ACCC said on Monday.

ACCC Chairman Rod Sims said that the commission had raised several concerns with both Telstra and nbn co, including the concern that “Telstra may receive a competitive advantage if it has access to better information than other service providers or if it is able to use infrastructure built for the NBN network before that infrastructure becomes available to other retail service providers”.

The ACCC said that it has had “extensive and productive” discussions with Telstra and nbn co about potential concerns arising out of the HFC Agreement between the two companies, and that the companies had recently provided proposals aimed at addressing these concerns.

“We are looking at the parties’ proposals carefully to consider to what extent these proposals address our concerns. It is important that Telstra doesn’t get a head start selling retail services over the NBN just because its technical expertise is being used in the construction and maintenance of the NBN,” Sims said.

Crims bribe game company

Security vendor Check Point Software has provided details on how cybercriminals bribed employees of a gaming company as part of a larger scale attack to spread malware via an online marketplace.

Check Point employee Feixiang He explained the three-stage attack in a blog post.

The attack’s first stage involved Qihoo 360, a Chinese internet security company, Check Point said. According to the blog post, the cybercrims bribed employees of a Chinese gaming company to include malware in the legitimate apps the gaming company sent to Qihoo 360.

According to Check Point, the apps passed Qihoo’s inspection and were whitelisted, meaning the hidden malware would be able to run on machines that used Qihoo’s free antivirus solution.

The second stage took place on the Chinese online marketplace Taobao.com, Check Point said. The attackers masqueraded as buyers on the website, and sent photos injected with whitelisted Trojans to sellers. According to Check Point, sellers opened the photos and had their PCs infected by the Trojans, which had gone undetected by Qihoo’s antivirus.

Finally, the attackers would request a refund from a seller. The seller would log in to their account on a payment platform, and the Trojan would keylog the seller’s credentials, allowing the attacker to steal money from the seller’s account, according to Check Point.

Strange USB drive risks

A recent study from the University of Illinois has demonstrated that many people are willing to plug a USB drive found lying on the ground into their computer, potentially opening their machine to exploitation.

As Vice explained, researchers dropped 297 USB drives around the university’s Urbana-Champaign campus last year.

And according to the Register, the researchers found that almost half (48%) of the drives were picked up and plugged into a computer.

The Register explained that the USB drives contained HTML files with embedded img tags, so that when one of the HTML files was opened, the image was fetched from a remote server. This reportedly allowed the researchers to track the use of the USB drives.

The study found that only 16% of users scanned the USB drives with antivirus software before loading the files the drives contained, according to The Register.

Vice quoted one of the researchers, Matt Tischer, as saying: “It’s easy to laugh at these attacks, but the scary thing is that they work — and that’s something that needs to be addressed.”

Image credit: ©nito/Dollar Photo Club