This BAGLE variant propagates via email and network shares. It drops a copy of itself in the Windows system folder as the following files: DRVDDLL.EXE DRVDDLL.EXEOPEN DRVDDLL.EXEOPENOPEN The attachment it sends out can have COM, CPL, EXE, HTA, SCR, VBS, and ZIP extension names. The email it sends out contains a message body only if the attached file is a .ZIP password-protected file. More at Trend Micro http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.Z ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Education is when you read the fine print. Experience is what you get if you don't. -- Pete Seeger"