Description:
As of March 15, 2004 3:55 AM PST, TrendLabs has declared a YELLOW ALERT to control the spread of PE_BAGLE.P. Several infection reports have been received from Korea and Japan.
This new BAGLE variant is very similar to PE_BAGLE.N but bigger in actual size. It propagates via email with varying subjects, message bodies, and attachment file names. It also spreads by dropping several files in folders that have the text string shar.
This virus searches for files with certain extension names, from which it gathers target recipients. Using its own SMTP (Simple Mail Transfer Protocol) engine, it sends out email messages with spoofed return addresses and itself as attachment.
It also spreads by dropping files in folders that have the text string "shar", for example, C:\Program Files\Kazaa\My Shared Folder.
At every execution, this virus infects Win32 executable files (.EXE) in randomly selected folders in all fixed drives. It does this by attaching its malicious code, adding another section at the end of the file.
It opens TCP port 2556 and waits for incoming commands from a remote user, who must send specially?crafted data or packets to be able to command this virus.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BAGLE.P
Virus Information
Discovery Date: 03/15/2004
Origin: Unknown
Length: Varies
Type: Virus
SubType: E-mail worm
This Bagle variant is bears the following characteristics:
contains its own SMTP engine to construct outgoing messages
harvests email addresses from the victim machine
the From: address of messages is spoofed
contains a remote access component (notification is sent to hacker)
copies itself to folders that have the phrase shar in the name (such as common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc)
encrypted polymorphic parasitic file infector
More: http://vil.nai.com/vil/content/v_101098.htm

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic