This is an SRI paper discussing the anatomy of a software worm. A software worm is a virus that can be used to spread other viruses - they provide "piggyback payload potential". Here is the most interesting part from my current perspective - the worms are set up to periodically synchronize with a known set of IP addresses, and request binary payload updates that contain new viruses.
What I find most amusing is that the authors of these worms actually have a great case for using public key encryption to make sure that only viruses published by 4092-bit private keys can be used as binary payloads. http://ping.fm/SFH4w