Backdoor:Win32/Rustock is a rootkit-enabled proxy trojan used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.

Backdoor:Win32/Rustock is a rootkit-enabled proxy trojan used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.

Windows Defender detects and removes this threat.

This threat uses a vulnerability to download and run files on your PC, including other malware. It is also called the "MSCOMCTL.OCX RCE Vulnerability".

It runs if you visit a web site, use a Microsoft Office document or .rtf file (Word document), and have a vulnerable version of the following applications on your PC:

• BizTalk Server 2002 SP1
• Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold, and R2
• Microsoft Office 2003 SP3
• Microsoft Office 2003 Web Components SP3
• Microsoft Office 2007 SP2 and SP3
• Microsoft Office 2010 Gold and SP1
• SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2
• Visual Basic 6.0 Runtime
• Visual FoxPro 8.0 SP1 and 9.0 SP2

It is most often distributed through emails.

You may get an alert about this threat even if you're not using a vulnerable version of the application. This is because we detect when a website or file tries to use the vulnerability, even if it isn't successful.

Windows Defender detects and removes this threat.

This threat uses a Microsoft vulnerability to download and run files on your PC, including other malware. It is also called the "Sandworm" vulnerability or the "Windows OLE Remote Code Execution Vulnerability".

You can read more and apply updates to prevent exploiting this vulnerability in Microsoft Security Bulletin MS14-060.

It runs if you try to open an Office document and have one of the following vulnerable versions Windows:

• Windows 8.1
• Windows 8
• Windows 7 SP1
• Windows Vista SP2
• Windows RT 8.1
• Windows RT
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2008 SP2
• Windows Server 2008 R2 SP1

You may get an alert about this threat even if you're not using a vulnerable version of the application. This is because we detect when a website or file tries to use the vulnerability, even if it isn't successful.

W32.Mimail.B@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows that do not have Microsoft Security Bulletins MS02-015 and MS03-014 installed. The worm sends itself as an attachment to e-mail addresses on the infected computer. The worm is activated when the user opens the attachment.

W32.Mimail.G@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses on an infected computer. The worm is activated when the user opens the attachment. The worm also launches denial of service (DoS) attacks against certain Web sites.

W32.Mimail.I@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses on an infected computer. When the user opens the attachment, it can display a Web form that the worm uses to gather and transmit user credit card information.

W32.Mimail.J@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses on the infected computer. When the user opens the attachment, it can display a Web form that the worm uses to gather and transmit user credit card information.

W32.Mimail.H@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses on an infected computer. The worm is activated when the user opens the attachment. The worm also launches denial of service (DoS) attacks against certain Web sites.

W32.Mimail.K@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when the recipient opens the attachment.

W32.Mimail.M@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when the user opens the attachment.

W32.Mimail.Q@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses on the infected computer. The worm is activated when the user opens the attachment.

W32.Mimail.U@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when the user opens the attachment. The worm also launches denial of service (DoS) attacks against certain Web sites.

W32.Mimail.V@mm is a network worm that targets certain versions of Microsoft Windows. The worm spreads through peer-to-peer file-sharing networks, writing itself to file-sharing folders. The worm is activated when the user opens the file that was placed in the file-sharing folder.

Win32/Mydoom.H@mm is a mass-mailing worm that sends itself to e-mail addresses it finds on the infected computer. The worm also installs a .dll file that acts as a backdoor listening on TCP ports 80 and 1080. The worm attempts a denial-of-service (DoS) attack against www.symantec.com.

Win32/Mydoom.I@mm is a mass-mailing worm that sends itself to e-mail addresses it finds on the infected computer. The worm also installs a .dll file that acts as a backdoor.

Win32/Mydoom.K@mm is a mass-mailing worm that sends itself to e-mail addresses it finds on the infected computer. The worm also installs a .dll file that acts as a backdoor.

Win32/Mydoom.R@mm is a mass-mailing worm that sends itself to e-mail addresses it finds on the infected computer.