Worm unlikely
The absence of significant Windows worms since Slammer in early 2003, even for eminently wormable vulnerabilities in very widely used network protocols, is interesting in itself. My guess is that exploit developers capable of writing such things are all working either for security boutiques like ImmunitySec, TLAs, or are consumed with (1) churning out client-side drive-by exploits for browsers, plug-ings and media/office apps, and (2) writing throwaway SQL injection attacks to compromise crappy PHP bulletin boards, content management systems, Cpanel and one-off custom webapps. The fruits of (2) are seeded with (1) and lo, the spam keeps a-flowin'.