Home / malware Backdoor:WinNT/Rustock.E
First posted on 04 February 2009.
Source: SecurityHomeAliases :
Backdoor:WinNT/Rustock.E is also known as Also Known As:Backdoor:Win32/Rustock.gen!E (other), Trojan.Rootkit.Rustock.E (BitDefender), Win32/Rustock.BH (CA), Win32/Rustock.NFW (ESET), Trojan.Win32.Multis.cp (Kaspersky), W32/Nuwar.sys (McAfee), W32/Rustock.L (Norman), Troj/NtRootK-DS (Sophos), Hacktool.Rootkit (Symantec), Trojan.Multis.A (VirusBuster).
Explanation :
Backdoor:WinNT/Rustock.E is a generic detection for a component of Win32/Rustock. Win32/Rustock is a family of rootkit-enabled backdoor trojans that have historically been used to send large volumes of spam from infected computers. More recently, Rustock variants have been associated with Rogue Security applications.Normally the trojan consists of 3 components which are embedded within a single binary - the dropper (which runs in user mode), the driver's installer, and the actual rootkit driver, (both of which run in kernel mode).For more information, please see the Win32/Rustock family entry, elsewhere in our encyclopedia.
Symptoms
There are no obvious symptoms that indicate the presence of this malware on an affected machine.
Backdoor:WinNT/Rustock.E is a generic detection for a component of Win32/Rustock. Win32/Rustock is a family of rootkit-enabled backdoor trojans that have historically been used to send large volumes of spam from infected computers. More recently, Rustock variants have been associated with Rogue Security applications.Normally the trojan consists of 3 components which are embedded within a single binary - the dropper (which runs in user mode), the driver's installer, and the actual rootkit driver, (both of which run in kernel mode).For more information, please see the Win32/Rustock family entry, elsewhere in our encyclopedia.Last update 04 February 2009