See also: http://www.microsoft.com/technet/security/alerts/sasser.mspx
shame that IPSEC is so underrated ...
Sasser.D uses a different remote shell port, TCP 9995 rather than 9996 (as used by SASSER, SASSER.B and SASSER.C). If you're using the policy linked above, you can add this port using the same settings as the original set in the policy.
So this guy goes into the doctor's office and says " Doctor, IPSec..." &lt;sound of phonograph needle...