The spam attached to a “delivery failure notice” last month has reappeared. Now dropping its “delivery failure notice” cover, the second coming of this spam is no less dangerous, and in fact more bundled with bonus malware. See screenshot below:

Although this spam comes with the same subject, same attachment file name, and same spam content as before, executing the attachment’s contents deploys TROJ_ROOTKIT.BA and TSPY_GOLDUN.RF onto the system, as opposed to only TROJ_DLOADR.IB in the first spam sample. Trend Micro detects the attached ZIP files of the first and second spam samples as TROJ_DLOADZIP.A and TROJ_PAKES.AXQ, respectively.

Worth noting is that the latter variant delivers a more damaging payload than the first. It may be safe to speculate that this series of spam runs may get nastier as newer strains appear. But rest assured that Trend Micro will always be looking ahead to provide protection to its users through the Smart Protection Network.