Less than a month after being dismantled, the notorious Dridex malware, which has been responsible for $30 million in bank fraud losses in the United Kingdom and more than $10 million in losses in the U.S., re-emerged.

Accompanying its return is news of a new spam campaign targeting IKEA customers, according to the Danish security firm Heimdal Security.

In mid-October, the FBI and the U.K.'s National Crime Agency announced that they had taken down Dridex's core command and control infrastructure the previous summer. This takedown, along with the arrests of key individuals, was presumed to have severely damaged the hackers' capability to run Dridex (also known as Bugat) campaigns.

“It is clear at this point that the Dridex botnet operators are not going to give up this lucrative botnet without a fight,” Ondrej Krehel, founder/CEO of the New York City-based cybersecurity intelligence firm LIFARS, said. “Even though the infections went down significantly, we are now witnessing a comeback and the number of infections is increasing.”

Earlier this week, the Fairfax, Va.-based cybersecurity firm Invincea released a research advisory detailing the resurgence of Dridex and its wider cybercrime campaign, which is designed to raid victims' bank accounts.

Once a targeted victim opens the attached fake e-receipt and its macro runs, the document builds and executes the Dridex malware on the machine. The attackers then harvest credentials, mostly usernames, passwords and card details, from the victims. Dridex is built to steal online-banking credentials, so financial institutions and their customers are its primary target.

The malware also slips past nearly every signature-based antivirus check available and currently in use by most end users, because the payload delivered by each campaign is rebuilt rather than reused.

Dridex was first spotted in late 2014 as part of a spam operation that created as many as 15,000 phishing emails daily. The malware strain mainly targeted users in the U.K., then spread across Europe and beyond the continent.

Despite the recent arrests and takedown announcements, Invincea observed a renewed Dridex cybercrime infrastructure that is attacking users, particularly in France, with weaponized Microsoft Word documents that mimic retail and hotel receipts.

Invincea said it is notifying businesses and individuals that a major international cybercrime operation is once again active and targeting French users. The firm said it released the advisory because the French campaign may portend the resurgence of a broader campaign that will likely target users in the U.S. and other countries, as Dridex did in the past.

According to Invincea's research, weaponized documents were the top threat facing enterprises during the last two months.

Since Oct. 22, Invincea has observed around 60 instances of cyber-thieves targeting French users with the Dridex banking Trojan, indicating that Dridex is still a threat and has retained at least some of its command and control infrastructure, the firm said.

The renewed Dridex campaign's weaponized Word documents incorporated “Just-in-Time” malware: the document does not carry the banking Trojan as a ready-made file that a scanner could match. Instead, once the document has passed the perimeter and endpoint checks, the macro assembles the Trojan on the victim's device and loads it directly from there.

“Dridex is particularly pernicious because of its use of Microsoft Word macros and encryption techniques to thwart advanced static analysis technologies, in addition to the JIT malware assembly tactics to evade network defenses,” Invincea reported.

This combination of methods for evading network and endpoint security solutions leads to particularly high infection rates: SecurityScorecard reports that Dridex was the most prolific banking Trojan afflicting the corporate sector during the first six months of 2015.

“The malware continues to use executables digitally signed with legitimate certificates to avoid detection and poses major threats to financial institutions in the U.S.,” Krehel explained. “Taking into account its track record, it's likely Dridex will cause some serious financial harm to its victims, yet again.”

Krehel recommended that companies use solutions that detonate attachments, or open them in an isolated environment, to avoid falling victim to the malware. Because the Trojan is only assembled after the macro runs, a detonation sandbox has to actually execute the document's macro to see the payload; a sandbox that opens the file with macros disabled sees an empty receipt.
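The two practical points above, that the lure is a macro-carrying Word document and that anything which cannot be cleared should go to detonation or an isolated viewer, can be turned into a first-pass triage rule at the mail gateway. The following script is an added example written for this page; it is not Invincea's or LIFARS' tooling and it does not detect Dridex itself. It classifies a Word attachment by its bytes only (extensions are ignored, since the lures are renamed "receipts"): an OOXML package is flagged when it contains a `word/vbaProject.bin` part or declares the macro-enabled content type, a legacy binary `.doc` (OLE) container is treated as unable to be cleared because deciding whether it holds a VBA storage would need a full OLE parse, and an executable is flagged outright. The sample attachments are constructed inline and are placeholders, not real malware; the function names and the `open`/`detonate` verdicts are this example's own.

```python
"""Attachment triage for Word documents (added example, not the article's or any vendor's code).

Routes an attachment to "open" only when it is an OOXML package that carries no
VBA macro; everything else goes to detonation / an isolated viewer, as the
recommendation in the article suggests.
"""
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary Office container (.doc, .xls)
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML (.docx/.docm) is a zip package
MZ_MAGIC = b"MZ"                               # Windows PE executable
MACRO_CONTENT_TYPE = b"application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def classify_word_attachment(data: bytes) -> str:
    """Return 'ooxml-no-macro', 'ooxml-macro', 'ole-legacy', 'executable' or 'unknown'.

    Only the bytes are examined: the filename is attacker-controlled and a .docm
    renamed to .docx still carries its macro project.
    """
    if data.startswith(MZ_MAGIC):
        return "executable"
    if data.startswith(OLE_MAGIC):
        # Pre-2007 binary format. Macros live in a 'Macros' storage inside the OLE
        # file system; proving their absence needs a full FAT/directory parse, so the
        # format is not cleared here (conservative by design).
        return "ole-legacy"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
                if "[Content_Types].xml" not in names:
                    return "unknown"  # a zip, but not an OOXML package
                content_types = zf.read("[Content_Types].xml")
                has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
                if has_vba_part or MACRO_CONTENT_TYPE in content_types:
                    return "ooxml-macro"
                return "ooxml-no-macro"
        except (zipfile.BadZipFile, OSError, ValueError):
            return "unknown"  # truncated or corrupt zip: do not clear it
    return "unknown"


def triage(data: bytes) -> str:
    """Map the classification onto a handling decision: only a macro-free OOXML
    document is opened normally; anything else is detonated or opened in isolation."""
    return "open" if classify_word_attachment(data) == "ooxml-no-macro" else "detonate"


def _build_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package for demonstration; not a real document or sample."""
    ctype = MACRO_CONTENT_TYPE if with_macro else PLAIN_CONTENT_TYPE
    content_types = (
        b'<?xml version="1.0"?>'
        b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        b'<Override PartName="/word/document.xml" ContentType="' + ctype + b'"/>'
        b"</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", b"<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder, not a real VBA project\x00")
    return buf.getvalue()


# Constructed sample "attachments" keyed by the name the sender gave them.
SAMPLES = {
    "receipt.docx": _build_ooxml(with_macro=False),
    "receipt_renamed.docx": _build_ooxml(with_macro=True),  # a .docm renamed to .docx
    "receipt.doc": OLE_MAGIC + b"\x00" * 504,               # legacy OLE header only
    "receipt.pdf.exe": MZ_MAGIC + b"\x00" * 62,             # double-extension executable
    "receipt.txt": b"Thank you for your order.",
    "receipt_truncated.docx": ZIP_MAGIC + b"garbage",       # corrupt zip
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:24} {classify_word_attachment(blob):15} -> {triage(blob)}")
```

The rule deliberately errs toward "detonate": a legacy `.doc`, a corrupt zip or an unrecognised blob is never cleared on format grounds alone. Remember that a clean verdict here says only that the file cannot carry VBA, and nothing about the sandbox itself, which still has to run the macro for a flagged document before its verdict means anything.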

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.