It appears that Symantec has raised the Threatcon to Level 2 this afternoon.
www.symantec.com/security_response/threatcon/index.jsp
It seems that their honeypots have sniffed out "In-the-Wild Exploit attempts" targeting the vulnerability identified in MS08-021 which allows remote code execution in GDI if a user opens a specially crafted EMF or WMF image file. Microsoft announced this in their latest super Tuesday release.
www.microsoft.com/technet/security/Bulletin/MS08-021.mspx
If you haven't already patched do so now and don't forget to remind your users not to open image files.