On the plus side...
Whilst the numerous worms did some damage, they did have the effect of teaching Microsoft about security. Prior to that time, security was very much an add-on optional extra.
Following the outbreak ISTR Gartner came off the fence and recommended that nobody implement IIS. This stung MIcrosoft so badly that they pulled Longhorn (which was probably going to be called XP Server) and had a root & branch code review, sending all their developers on security courses.
Ten years on, servers and workstations are far more secure by default. Security onfiguration is turned on it's head where you have to have knowledge to turn it off, not as it used to be where you need to be an expert to turn it on.
So maybe the authors of Nimda were being cruel to be kind?