Schneier on Security: Analysis of the Witty Worm: "Here's a very interesting analysis of the Witty Worm from March 2004. Among other things, the researchers found the initial infection point (patient 0). They also believe that the attack was, at least in part, a deliberate cyber-attack on the U.S. military; an army base was deliberately targeted in the worm's hotlist."

Emphasis mine.

(Via Schneier on Security.)