Some other famous network worms


The Morris Internet Worm (as it is now generally known) was the first famous worm incident on the Internet, occurring in November 1988. It spread among hosts running SunOS 3.5 and BSD 4.2 UNIX on the VAX architecture by exploiting then-common vulnerabilities in fingerd and Sendmail, and the insecure-by-design rsh and rexec protocols. fingerd was vulnerable to a buffer overrun exploit, and Sendmail at the time had a "DEBUG" command which could be used to execute arbitrary shell commands on a host running Sendmail. The exploit contained binaries for both M68000-based SunOS hosts and VAX-based BSD hosts, along with more generic shell scripts, which would then scan for other hosts to infect and attempt to crack passwords on infected hosts. The worm itself contained a bug that made its behavior much more evident: due to an apparently unintentionally reversed comparison, the worm would attempt to infect hosts with a probability of 14/15 instead of 1/15, so it would often reinfect the same hosts repeatedly, which resulted in substantial network disruption.

Other worm incidents involving UNIX and Linux versions include the "Ramen" worm, which targeted Solaris and Linux hosts, and a worm (whose name I haven't seen) which targeted a security vulnerability in Apache 1.3.26 and prior versions on Linux.



Steve VanDevender
Last modified: Wed Jul 28 22:21:07 PDT 2004