I know this is an Old message, but as I know the answer I thought I would reply.
The worm is called the Lion Worm it's a new worm that is very similar to the Ramen worm.
This worm is much more dangerous and should be taken seriously. It infects Linux machines with the BIND DNS server running. "i.e. port 53"
It is known to infect BIND version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px.
The worm scans random class B address for port 53 and tests each system it finds.
Once it has found a BIND exploitable system it is able to get "root" access and adds a rootkit called t0rn.
It's payload is to scan for more class b exploitable systems.It also emails your passwd and shadow file + ip setting to an email address in the china.com domain.
It also opens 2 backdoor on port numbers 60008/tcp and 33567/tcp and a trojaned version of ssh gets placed on 33568/tcp
Syslogd is turned off so no logging takes place.
It replaces about 40 system exec files like ls, netstat etc etc etc with trojan files.
If you don't have a DNS server running then you don't have the worm Trojan.
If you do have an old version of DNS then check this.
"can't trust netstat -a or ls command"
cat /dev/.lib/lib/lib/ls
if it says
cat: /dev/.lib/lib/lib/ls: No such file or directory
your ok, if displays a binary file in garbage, then you can't trust your system and should blow it away and install the latest version of Bind.
/Raz
To answer your question yes the fix is Bind 9.x.
Note: there is a new worm that scans for more then just bind. check out
http://www.sans.org/current.htm