Super virus targets companies in Europe
The virus, which is thought to be spying on rather than vandalising the systems it infiltrates, is sending information to a server in India.
The new virus was discovered by Symantec, a leading cybersecurity firm, and has been named Duqu. Experts say its code is so similar to the Stuxnet worm that attacked Iran, that it may have been engineered by the same people.
Symantec have not disclosed which firms had been targeted, but the company said one of its customers raised the alarm on Friday. An internal system at the firm "raised a number of red flags" and an investigation was launched.
"The majority of the code is consistent with the Stuxnet code," said a spokesman for Symantec. "So this new worm either came from the authors of Stuxnet, or someone was given access to the Stuxnet source codes."
According to the Guardian, Symantec said that the information Duqu gathers is sent to a server in India, but that this doesn't give any likely indication of who launched it, or who is accessing the material it finds.
It believes Duqu has been targeting a specific number of organisations in Europe and was designed to automatically remove itself from systems after 36 days.
Symantec suspects that Duqu may have been the first in a wave of new Stuxnet-style viruses, and that further sophisticated versions of it with a more aggressive purpose may emerge in the coming months.
Its experts suspect Duqu was looking for information such as design documents, which could help it mount a future attack on an industrial control facility.
"Stuxnet really laid new territory in terms of being able to get into and being able to control these nuclear power facilities [in Iran]," said the spokesman. "The significance here is that since Stuxnet we have not seen anything else of that level of complexity. It has gone a little quiet since then. The question we are now asking is: 'Do they have a new goal or purpose?'"