got this from Trend today:
PE_BAGLE.P
This virus searches for files with certain extension names, from which it gathers target recipients. Using its own SMTP (Simple Mail Transfer Protocol) engine, it sends out email messages with a spoofed return address to the gathered email addresses and adds itself as an attachment.
This virus also spreads by dropping files in folders that have the text string "shar", for example, C:\Program Files\Kazaa\My Shared Folder. It attempts to prevent the automatic execution of NETSKY variants by deleting certain registry entries.
It has backdoor capabilities. It opens TCP port 2556 and waits for incoming commands from a remote user, who must send specially-crafted data or packets to be able to command this virus.
It also has the ability to terminate certain process, which are usually related to antivirus and firewall applications.
It runs on Windows 95, 98, ME, NT, 2000 and XP.
