Notable behavior - "drops and install WinPcap network drivers", "flood network with spoofed arp packets (arp poisoning) " and "appends its code to all .EXE files in all drives, including mapped network drives and removable disks. Thus, it is able to propagate via the network and removable drives, such as flash drives and floppy disks."

Other - "first attempts to infect files which are running processes", "its main .EXE component respawns when it is terminated, making termination more difficult."

W32/Snow.a
http://vil.nai.com/vil/content/v_138727.htm

PE_SNOW.A

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_SNOW.A