(MSPAlliance) – Thursday, May 4, 2006 – A new worm known as the “Swiss army knife” has been detected that is more advanced than most malware investigators have picked up to date. W32.Nugache.A spreads through e-mail and IM channels, and also includes a unique peer-to-peer element. PCs infected by the worm keep in contact with the controller and with other infected PCs through a peer-to-peer network using TCP port 8 instead of IRC.
The Linux worm Slapper, which infected at least 6,000 Apache web servers, used a similar technique in 2002. The peer-to-peer component of the Swiss army knife worm is similar to Kazaa: if one node is shut down, a peer-to-peer network is formed with the next available PC. This technique makes it significantly more difficult to shut down these networks and harder for intrusion prevention systems to identify infections.