The Spread of the Witty Worm
Thanks to Joel Scambray (coauthor of the Hacking Exposed series of books) for bringing this to my attention.
Not many people paid much attention to this worm, because it affected a non-Microsoft product, but the analysis is interesting nevertheless. What was really worrying (to me, anyway) is the one day (yes, ONE DAY! ) time delta from the vulnerability being publicly known (when ISS issued their patch, and eEye (http://www.eeye.com/html/Research/Advisories/AD20040318.html) issued their disclosure) to the worm's arrival. It was also the first real destructive worm.
CAIDA has a very nice write up on the worm.