Check your email. Have you ever been so popular? There's a good chance you have received dozens or even hundreds of messages that say "thankyou!", "wicked screensaver", "approved", "my details", or something similar. Don't bother to open them, and definitely don't run the email attachment, because they are all examples of the SoBig.F virus.
We have been here before. The first time it swamped the net in January, SoBig.A sent lots of email from big@boss.com, which was easy to spot. Now it arrives with faked or forged email addresses and a bigger range of subject lines. Next time, perhaps soon after September 10, SoBig.G could be even more insidious.
The problem with SoBig is that it does not exploit a flaw in Microsoft Windows. If it did, we could patch the flaw and stop it. Instead it exploits flaws in human nature and the internet's email system. SoBig only works in Windows, but there's no reason why it couldn't be adapted to any other system.
SoBig is a mass-mailing worm program. It arrives as an email attachment called thank_you.pif, wicked_scr.scr, or something similar. If you run the attachment by double-clicking it, the virus installs itself, searches a range of files for email addresses, starts its own email server, and then sends out lots of copies of itself.
It looks as though the virus writer started the current attack by spamming a large number of addresses. From there, the spread of SoBig depends on people being gullible enough to open an unsolicited attachment. There is apparently no shortage of gullible people.
SoBig also works well because of the inherent gullibility of the internet's simple mail transport protocol (SMTP) system, which was designed in the 1970s for use by a relatively small number of people in a trusted academic setting. It can deliver any old rubbish to any mailbox without checking, and that's usually what it does.
It is not yet clear what else, if anything, SoBig.F does.
"Basically it just spreads. The main impact is that it is slowing down email systems," says Graham Cluley, an anti-virus expert from Sophos in the UK.
Previous versions have set up "back doors" so that hackers can take over users' PCs and search for credit card numbers, or set up relays to forward spam and so disguise its real origin. They have also spread over local area networks (Lans), infecting people too smart to fall for the email version. Either way, SoBig.F will turn itself off on September 10, after which we can all look forward to SoBig.G.
You can find out if your PC is infected with SoBig.F by searching for a file called winppr32.exe. While you are at it, search for the previous version, winssk32.exe, too. You can remove it by running a free program such as McAfee's Stinger or Norman's SoBigFix or by updating and running your usual anti-virus software.
Better still, delete SoBig email on the server, without even downloading it to your inbox. Mailwasher is a free Windows program that makes this simple. It is particularly suitable for people who collect their email in batches.
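As an added example (not part of the original article, and not how Mailwasher works): a server-side check in Python that classifies a raw message using the attachment extensions and subject lines named above. The function names, verdict labels and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators named in the article: attachment extensions and subject lines.
RISKY_EXTENSIONS = (".pif", ".scr")
ARTICLE_SUBJECTS = {"thankyou!", "wicked screensaver", "approved", "my details"}

def normalise_subject(subject):
    """Lower-case and drop any leading 'Re:' so a prefixed subject still matches."""
    s = (subject or "").strip().lower()
    while s.startswith("re:"):
        s = s[3:].strip()
    return s

def risky_attachments(msg):
    """Return attachment filenames whose final extension is .pif or .scr."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        # Trailing dots/spaces are stripped so "x.pif." is still caught.
        if name and name.lower().rstrip(". ").endswith(RISKY_EXTENSIONS):
            hits.append(name)
    return hits

def classify(raw_bytes):
    """Return (verdict, reasons). The sender is ignored: it is forged anyway."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    attachments = risky_attachments(msg)
    reasons = [f"attachment {n}" for n in attachments]
    subject_hit = normalise_subject(msg["Subject"]) in ARTICLE_SUBJECTS
    if subject_hit:
        reasons.append("subject line listed in the article")
    if attachments:
        return "quarantine", reasons
    return ("review" if subject_hit else "deliver"), reasons

def build_sample(subject, filename=None):
    """Constructed sample message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.org", subject
    m.set_content("Please see the attached file for details.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Re: Thankyou!", "thank_you.pif"), ("Approved", None)]:
        print(subj, "->", classify(build_sample(subj, fname)))
```

A subject match on its own only yields "review", since those lines are ordinary phrases; the executable attachment is what triggers quarantine.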
What happens next?
At the moment, SoBig does not delete files or harm PCs, but - as Cluley suggests - the repeated releases of the virus suggest that the worm's author "may be experimenting to find out the most successful ways to spread a virus". Think of it as a form of market research, preparing the way for the ultimate version.
Cluley does not want to speculate what that might be. "We don't want to put ideas into his head," he says.