Several reports indicate a worm is propagating in the wild, the worm is based on the MS08-67 patch releases on October 23rd. The origin of the worm is believed to be China.
The detected worm will start scanning the local subnet for port 139, once the victim machine is infected the malware will then try to download additional code, one of the additional codes spotted is an old DDOS malware as part of a DDOS botnet. The trojan will then block access to most Antivirus sites.
The worm doesn't appear to be very widespread, although that could change.
Exploits Available from :