Last March, [TrendMicro] blogged about the Andromeda, a well-known botnet that surfaced in 2011 and is making a comeback this year. Just months after my report, we are still seeing notable activities from the said botnet, in particular a sudden boost of GAMARUE variants last week. The Andromeda botnet is a spam botnet that delivers GAMARUE variants, which are known backdoors and have a noteworthy way of propagating via removable drives. However, just months after the first post, they are seeing a trend in which a majority of WORM_GAMARUE variants are affecting India, Turkey, and Mexico.