The "Iraq Oil" worm is running around on the internet now, and it was detected and captured by Lawrence Baldwin of myNetWatchman. He and Philip Sloss did traffic and dynamic analysis of the worm, and I did the static reverse engineering.
The full details were reported first at DSL Reports, and all the reverse engineering can be found on my site (still a work in progress).
Sleep is overrated :-)
Posted by Steve at December 16, 2002 01:16 PM