The Sobig E-mail virus that made its debut in the beginning of the year keeps coming back, with the latest variant spreading quickly, antivirus experts said Tuesday.

The new version, code-named W32/Sobig.F-mm, first appeared Monday and soon led to a "medium-risk" listing by antivirus company Network Associates Technology Inc. "The infection rate is very steady and comparable with the other variants," says Craig Schmugar, research engineer for the company.

Indeed, the number of virus-carrying E-mails intercepted by MessageLabs Inc. increased from 10,000 at 8:30 a.m. EST Tuesday to more than 100,000 by 1 p.m. EST. "It's a lot, but there have been a number of other viruses with a faster infection rate," a MessageLabs spokesman says. "In terms of Sobig variants, it's up there with the last one."

MessageLabs, which monitors corporate E-mail traffic for spam, viruses, and other nuisances, has intercepted 360,000 E-mails infected with the previous variant, Sobig.E, since it appeared June 25. Typically, these viruses spread quickly during the first 12 to 24 hours, then trail off as fast as they started as companies and home PC users update their antivirus software.

Sobig.F is arriving in E-mail under a subject line that typically says "re:details," "details," "your details," "thank you," or "resume." The sender is disguised as someone that may be familiar to the recipient, such as the name of a company or person.

Once the attachment containing the virus is opened, Sobig steals E-mail addresses from several different locations on the computer, including the Windows address book and Internet cache, then sends copies of itself out to those addresses. The virus, which sends multiple E-mails concurrently, selects addresses randomly for use as the sender, attempting to fool recipients into thinking the E-mail is from a company or other legitimate source.

"Hackers are always trying new techniques to get you to open the virus," the MessageLabs spokesman says. "One of the ways is called spoofing, making you think the E-mail is coming from a trusted vendor."

The attachments' names may include your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document.Fall.pif, application.pif, and document.9446.pif.

Because of its mass-mailing capabilities, Sobig can eat up bandwidth and slow a company's network performance. The virus, however, isn't considered as malicious as others, since it doesn't delete files or damage the infected PC.

Nevertheless, the bigger danger lies in its ability to open a port in a computer, enabling a hacker to upload a Trojan. The small application can let a hacker take control of a computer or search for passwords in the system to break into people's online accounts.

Spammers also use Trojans to send out mass mailings through someone else's PC, hiding the originator of the spam.