That's nothing new really. The "hacker underground" has been writing purposefully vulnerable exploits for some time now. It just goes to show you how important code review is! Hell, even Sony purposefully distributed malicious software!
Anyway, I remember reading "Hacking: The Next Generation" in chapter 7, there is an account of infiltrating a phishing group that had been distributing a phishing tool that had an obfuscated backdoor routine in it where all the people that clicked on the link actually sent the results back to the original author without the secondary phisher's knowlege as well as the secondary phisher.
eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+