The worm spread by exploiting the RPC vulnerability MS08-067, It also attempted to brute-force user passwords when connecting to the ADMIN$ share of systems on the local network.
Overview of the January 2009 Microsoft patches and their status. MS09-001 Vulnerabilities in SMB Could Allow Remote Code Execution.
The Internet Systems Consortium has released an update for all supported BIND 9.x versions. In this update a potential DNS poisoning vector has been addressed. The problem appears to affect only specific BIND configuration where DNSSEC has been enabled. Refer to the ISC BIND Server software Index