Bascially there are two attack vectors that have not yet been exploited heavily: Mobile Devices and Instant Messaging. There are some articles that expect that a fully automated IM worm is pretty likely.
One example for this is: http://www.eweek.com/article2/0,1759,1880026,00.asp?kc=EWRSS03129TX1K0000614
Scaring…. Are you ready? There are by the way anti-virus solutions tackling IM as well: http://www.microsoft.com/windowsserversystem/solutions/security/sybari.mspx 🙂