There is an IPS signature for it:
http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25879
AV signature as well:
http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99
Are you seeing something not being detected? If so, could be a newer, updated variant to elude AV. I would recommend submitting to Symantec for analysis.