The infamous Morris Worm was released in 1988; making use of known
vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a
metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was
accidental, but the idiot hadn't tested it on an isolated network first). A
temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh".
Another fix was to move the C compiler elsewhere.
-- Dave
One of my comp sci professors was a grad student at Cornell when this happened. He shared a small office with Morris and some other students. He said that he had to explain that he had absolutely nothing to do with it on quite a few occasions.
Morris was caught partly because he used the Unix crypt command to encrypt his source code. The command was a computer model of the Enigma machine, and its output could be and indeed was cracked, after retrieving the encrypted code from a backup tape.
It's interesting that the worm was quickly detected. The reason was that it kept infecting the same machines, and as you referred to, it contained a password cracker, which slowed those machines to a crawl because of the multiple instances running.