A home PC in Lagos, Nigeria, connected by domestic broadband was likely responsible for a surge in malicious emails targeting NAB customers today.
Reputation websites that tracked the bona fides of millions of machines connected to the net reported the IP address responsible saw an 11-fold increase in malicious traffic over the past day.
NAB has been contacted for comment.
The zero-day threat from the probably infected Nigerian host, one of the top spammers against the bank, was exposed in a demonstration of emerging threats using WatchGuard's web-based reputation authority.
The security vendor's Australian senior sales engineer Gary Spiteri said spammers have become more efficient at targeting customers of financial institutions, reflected by the fact that fewer of their phishing emails bounced than when using scattergun approaches.
As Africa connected to broadband it was following the lead of Western countries such as the US and those in Eastern Europe in becoming a vector of attack.
"I doubt that there's a National Australia (Bank) mail host in Nigeria," Spiteri said.
"Interestingly, 83.33 percent [of the Nigerian host's emails] was spam but it's a 100 percent good recipient list: no bounce backs, they've got a good, qualified list of spam targets and two blacklists have it and two of them don't.
"That's quite possibly an emergent threat.
"It's probably a PC on a conventional ADSL link and it's got some sort of bot on it.
"This is probably the source of a phishing outbreak."
Spiteri said good security practices lagged adoption of broadband adoption in Third World countries.
"Third World countries don't spend money on anti-virus, don't put network security in place, they have pirated copies of Windows, which means that security updates are turned off from Microsoft; so you'll get an increasing number of vulnerable operating systems on PCs that are then targets for more bots to be deployed on to them which then become generators of more of this type of spam."
Borderware bears fruit
The Australia and New Zealand manager for firewall vendor WatchGuard, Scott Robertson, said reputation technology it bought in last August's marriage with Canadian security vendor Borderware would filter down from its high-end XCS class of devices to the XTM line within six months: "We're hoping for 90 days".
Robertson said the installed base of 10,000 Borderware appliances that collect intelligence about emerging threats would grow in this time to more than 600,000 once the switch was flipped on Watchguard devices.
Overnight, Watchguard launched appliances aimed at small and medium-sized organisations. The pictured XTM5 for organisations with up to 1500 users and the XTM2 for branches and businesses of up to 50 users were based on its Fireware operating system and blocked Skype, instant messaging, attacks over unified communications and VoIP, the company said.
Robertson said WatchGuard was ramping up its channel activities by:
- launching a credit card rewards program,
- tightening adherence to its certification program,
- increased marketing,
- emphasising its partner program that allowed resellers to let their customers "try before they buy"
- and an annual trip to a tropical resort for "top performers".
"We can have more discussions with resellers about spam and content filtering and sell up into the high-end space" such as banks and financial institutions, he said.