Kyran published an interesting paper that analyzes a new worm he wrote to attack Gaiaonline.com. He goes through step by step and breaks down each part of the worm and describes not only how it was used but the holes and where he would have built more functionality had he had more time.
I don’t think he’s published stats or even really released the worm to the actual population, but you get the idea. It’s a sobering reminder of the perils of social networking, if security doesn’t come first. Anyway, it’s a good writeup.