I've gotten 12 to 15 of these in various forms the past couple of days... ..not only don't open the attachment..delete all of it...quickly!
the following was emailed to me..
AVG has protected me so far..and has also listed the worms and viruses it has caught in all of these emails...
Sent: Monday, November 21, 2005 7:20 PM
Subject: Trend Micro Medium Risk Virus Alert - WORM_SOBER.AG
Dear Trend Micro customer,
As of November 21, 2005 2:20 PM Pacific Standard Time (PST, GMT -8:00),
TrendLabs has declared a Medium Risk Virus Alert to control the spread of
WORM_SOBER.AG. TrendLabs has received several infection reports indicating
that this malware is spreading in the USA, Belgium, Canada, Brazil, and New
Zealand.
This memory-resident worm propagates by attaching a copy of itself to an
email message, which it sends to target recipients using its own Simple Mail
Transfer Protocol (SMTP) engine. Since it's email propagation does not
require any user intervention, the user is often unaware that this worm is
sending out email messages.
The email it sends out has the following details:
From: {Email address generated by this worm}
Subject: (any of the following)
. hi,_ive_a_new_mail_address
. Mail delivery failed
. Registration Confirmation
. smtp mail failed
. Spam: Registration Confirmation
. Your Password
. Your IP was logged
. Paris_Hilton_&_Nicole_Richie
. You visit illegal websites
Message body: (any of the following)
hey its me, my old address dont work at time. i dont know why?!
in the last days ive got some mails. i' think thaz your mails but im not
sure!
plz read and check ...
cyaaaaaaa
---
This is an automatically generated Delivery Status Notification.
SMTP_Error []
I'm afraid I wasn't able to deliver your message.
This is a permanent error; I've given up. Sorry it didn't work out.
The full mail-text and header is attached
---
Account and Password Information are attached!
***** Go to: http://www.{random}.com
***** Email: {random}.com
---
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
---
Account and Password Information are attached! ---
The Simple Life:
View Paris Hilton & Nicole Richie video clips , pictures & more
Download is free until Jan, 2006!
Please use our Download manager.
Attachment: (any of the following)
. mailtext.zip
. mail.zip
. reg_pass.zip
. mail.zip
. reg_pass-data.zip
. question_list.zip
. list.zip
. downloadm
. mail_body.zip
The attached .ZIP file contains the copy of this worm using the following
file name:
File-packed_dataInfo.exe
When executed, it displays a fake error message box in order to trick a user
into thinking that the file did not properly execute.
This worm searches the process list of the affected system for mrt.exe, the
Microsoft Windows Malicious Software Removal Tool process. If found, it
terminates the said process thus making the system more vulnerable to
malicious attacks.
TrendLabs will be releasing the following EPS deliverables:
TMCM Outbreak Prevention Policy (Beta) - 187 (Released)
Official Pattern Release - 2.957.00 (ETA: 1.5 hrs)
Damage Cleanup Template - 678 (Being created)
Network Virus Wall - 10232 (Being created)
For more information on WORM_SOBER.AG, you can visit our Web site at:
http://www.trendmicro.com/vinfo/virusen ... M_SOBER.AG
Hoping it was none of my links 
POW-MIA, YOU ARE NOT FORGOTTEN!!! 