Yep, that's correct--as far as I know, the original source code isn't actually available anywhere.
Three independent groups, at Berkeley, MIT, and Purdue disassembled the .o and poked at its contents, slowly figuring it out.
Mark Eichin's timeline (http://web.mit.edu/user/e/i/eichin/www/virus/chronology.html) is a fun read, written from the MIT viewpoint, that chronicles how the Unix nerd community basically sprung up to dissect and deal with the worm, and contains a section on their attempts to disassemble the worm.
object objects[69]; /* Don't know how many... */
/* This report a sucessful breakin by sending a single byte to "128.32.137.13"
* (whoever that is). */
/* This appears to be a structure unique to this program. It doesn't seem that
* the blank slots are really an array of characters for the hostname, but
* maybe they are.
*/
/* There are pieces of "stub" code, presumably from something like this to
get rid of error messages */
That's a picture of a floppy disk in a museum, though -- and it too probably contains the disassembled source code :)
If I had to guess, the only people who had access to the original source are rtm, whoever he gave it to, and whoever accessed his account at Cornell when they looked through his homedir.
And it's unlikely that any of them would have distributed it. Remember, at the time this code was potentially really dangerous; this was essentially a new type of attack that folks weren't really ready or prepared to defend against.
