http://www.cnn.com/2003/TECH/internet/08/22/sobig.virus/index.html Sobig.F opens up the infected machine to remote access, allowing for new code to be downloaded. The payload is being activated August 22nd.
http://www.antisource.com/article.php/20040824020815211