The spam attached to a ‘delivery failure notice’ last month has reappeared. Having dropped its ‘delivery failure notice’ cover, the second coming of this spam is no less dangerous, and in fact comes bundled with bonus malware. See screenshot below:

Though this spam comes with the same subject, same attachment file name, and same spam content as before, executing the attachment’s contents deploys TROJ_ROOTKIT.BA and TSPY_GOLDUN.RF onto the system, as opposed to only TROJ_DLOADR.IB in the first spam sample. Trend Micro detects the attached ZIP files of the first and second spam samples as TROJ_DLOADZIP.A and TROJ_PAKES.AXQ respectively.

Worth noting is that the later variant delivers a more damaging payload than the first. It may be safe to speculate that this series of spam runs will get nastier as newer strains appear. But rest assured that Trend Micro will always be looking ahead to provide internet security protection to its users through the Smart Protection Network.