I don't know who's sending them out - I'm wary of previewing the email addresses as this worm can be VERY annoying. I'm guessing that the worm probably goes through people's Internet Explorer Temporary Net Files cache and searches for addresses there, as well as in the Outlook address book.
I just quarantine the files, dump the emails, and clear the quarantine bins.
