Vustog is an Internet worm that spreads by e-mail through messages with infected attachments. It can also propagate via file sharing networks and by exploiting remote security vulnerabilities. Once executed, the parasite installs itself to the system and runs a spreading routine. It uses own mail engine to send bogus e-mails to addresses it gathers from the Windows Address Book and some local files. The worm also creates numerous copies of itself in shared folders of installed peer-to-peer clients. Vustog carries a payload. It terminates processes of some security-related applications and overwrites the main executable of Internet Explorer with a copy of itself. It also modifies services of Symantec LiveUpdate in order to run every time security updates start. The worm is able to receive and execute commands from a remote attacker. It can bypass the Windows Firewall. Vustog secretly runs on every Windows startup.