According to what I've been reading the experts say good social engineering.
One part of this is the use of internal hot links to activate the payload.
Personally I was very suspicious when I first saw it, so I'm a little
surprised that so many people are getting suckered in. Of course every month
there's thousands of net newbies.
I got an email from amazon.co.uk, all well presented, including valid
links to their site
and including a realistic looking header of the email that I was
supposed to have sent
and then on the an attachment
in fact as I write this, I just realised it could be that the viruse
was sent to amazon.co.uk with me as sender - then I got the automated
reply from them
clever clever - the worm gets 2 emails for the price of one, and a
email bombardment of a business site with auto-respond
Also just heard that SCO is on the end of the payload at the moment
Steve