What is interesting to me is that Sobig has been well written from a technical point of view, something that hasn't been the case in the past with other viruses. I think it is likely to be a group of people, rather than an individual who is responsible for this.

Some of the techniques it was using were very different. Exploiting an MS loophole - easy.
Payload - much more sophisticated, done by connecting to previously compromised PCs to get a new web address to download the payload from. To connect to these previously infected PCs required an authentication code, and to boot some of the code had very strong encryption.

This doesn't look like your average hacker to me!

MS is in a bit of a no win situation here, as when it releases a patch, a lot of corporate users will, with good reason, want to test it first. A lot of home & some small corporate users won't even be aware there is a problem, as they never patch their systems anyway.

EDIT: I should have added the point that if you are running a large internal network that has solid protection at the point you connect to the net, this is not good enough.
All it takes is one person to use an infected CD/floppy etc., which will then spread like wildfire throughout your network to unpatched PCs.