JMH
Emeritus, Contributor
- Apr 2, 2012
- 7,197
Cybercriminals are, once again, trying to swell the number of computers compromised by the Andromeda backdoor. This will allow them to control the machines and download additional malware at the behest of the highest-paying customer/renter.
According to G Data security experts, the botnet's C&C server is currently just waiting to hear from compromised computers, and is still not sending out instructions to the bots, meaning that the botnet masters are still in the botnet-building stage.
But, if you have recently received an unsolicited email with a DOC file that instructed you to enable Word macros in order to see its contents, chances are good that your computer has become part of it.
The researchers documented two separate spam campaigns that targeted Polish and German users and used different stages to download, unpack and run the exact same executable (msnjauzge.exe).
The Andromeda botnet is ballooning once again