What you need to know about the WMF vulnerability

09.01.2006

-- Shimgvw is the DLL used by Windows Picture and Fax Viewer, Windows' default program for viewing a variety of image file formats. Other applications, including Mozilla, rely on this DLL as well.

-- As described by Microsoft, the GDI (Windows Graphic Display Interface) "enables applications to use graphics and formatted text on both the video display and the printer. Microsoft Windows-based applications do not access the graphics hardware directly; instead, GDI interacts with device drivers on behalf of applications. GDI can be used in all Windows-based applications."

-- The Escape() function passes certain calls from the GDI library through to the driver for a particular device -- for instance, a scanner or a printer.

-- SETABORTPROC is one of the Escape() subfunctions, retained to provide compatibility between newer versions of Windows and the older 16-bit versions; that is what makes this a so-called backward-compatibility or "regression" bug.
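As an added example (not code from the article), a small Python scanner that walks the records of a WMF file and flags any Escape record whose subfunction is SETABORTPROC, the combination the article describes. The record layout follows the documented WMF format; the two sample files are constructed here for the test and carry no payload.

```python
import struct

META_ESCAPE = 0x0626        # WMF record that hands data to the device driver
META_EOF = 0x0000
SETABORTPROC = 0x0009       # Escape subfunction kept for 16-bit compatibility
PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte Aldus placeable header

def escape_records(data: bytes):
    """Yield (offset, escape_function, byte_count) for every META_ESCAPE record."""
    pos = 0
    if len(data) >= 22 and struct.unpack_from('<I', data, 0)[0] == PLACEABLE_MAGIC:
        pos = 22                               # skip the placeable header
    if len(data) < pos + 18:
        raise ValueError('truncated WMF header')
    header_words = struct.unpack_from('<H', data, pos + 2)[0]
    pos += header_words * 2                    # normally 9 words = 18 bytes
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from('<IH', data, pos)  # size is in 16-bit words
        if size_words < 3:
            raise ValueError(f'bad record size at offset {pos}')
        if func == META_EOF:
            break
        if func == META_ESCAPE and pos + 10 <= len(data):
            esc, count = struct.unpack_from('<HH', data, pos + 6)
            yield pos, esc, count
        pos += size_words * 2

def find_setabortproc(data: bytes):
    """Return (offset, byte_count) of each SETABORTPROC escape; empty list means clean."""
    return [(off, n) for off, esc, n in escape_records(data) if esc == SETABORTPROC]

# --- constructed test vectors (not real-world files) ---
def _record(func, params=b''):
    body = struct.pack('<H', func) + params
    if len(body) % 2:
        body += b'\x00'                        # records are word-aligned
    return struct.pack('<I', (4 + len(body)) // 2) + body

HEADER = struct.pack('<HHHIHIH', 1, 9, 0x0300, 0, 0, 0, 0)   # standard 18-byte header
BENIGN_WMF = HEADER + _record(0x020C, struct.pack('<hh', 100, 100)) + _record(META_EOF)
SUSPECT_WMF = (HEADER
               + _record(META_ESCAPE, struct.pack('<HH', SETABORTPROC, 8) + b'\x00' * 8)
               + _record(META_EOF))

if __name__ == '__main__':
    print('benign :', find_setabortproc(BENIGN_WMF))     # []
    print('suspect:', find_setabortproc(SUSPECT_WMF))    # [(18, 8)]
```

A strict record walk stops at the first malformed size field, so production signatures of the time also matched the raw Escape/SETABORTPROC byte pattern rather than relying on a clean parse.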

What's the payload? It can be any kind of executable file, but the payloads seen so far appear to be mainly adware and spyware. Some variants attempt to "recruit" machines into zombie armies, presumably to be deployed for nefarious purposes at a later date. Symantec reports that one exploit, dubbed PWSteal.Bankash.G, carried a password-stealing Trojan horse that also attempted to open a proxy server on a random TCP port.