Security experts widely believe that the United States and Israel were behind Stuxnet, though the two nations have officially declined to comment on the matter.
A Pentagon spokesman on Wednesday declined comment on Kaspersky's research, which did not address who was behind Stuxnet.
RELATED:Iran admits to Stuxnet-like virus infectionAhmadinejad admits centrifuges damaged by virusStuxnet has already been linked to another virus, the
Duqu data-stealing trojan, but Kaspersky's research suggests that the cyber weapons program that targeted Iran may be far more sophisticated than previously known.
Kaspersky's director of global research & analysis, Costin Raiu, told Reuters on Wednesday that his team has gathered evidence that shows the same platform that was used to build Stuxnet and Duqu was also used to create at least three other pieces of malware.
Raiu said the platform is comprised of a group of compatible software modules designed to fit together, each with different functions. Its developers can build new cyber weapons by simply adding and removing modules.
"It's like a Lego set. You can assemble the components into anything: a robot or a house or a tank," he said.
Kaspersky named the platform "Tilded" because many of the files in Duqu and Stuxnet have names beginning with the tilde symbol "~" and the letter "d."
Researchers with Kaspersky have not found any new types of malware built on the Tilded platform, Raiu said, but they are fairly certain that they exist because shared components of Stuxnet and Duqu appear to be searching for their kin.
When a machine becomes infected with Duqu or Stuxnet, the shared components on the platform search for two unique registry keys on the PC linked to Duqu and Stuxnet that are then used to load the main piece of malware onto the computer, he said.
Kaspersky recently discovered new shared components that search for at
least three other unique registry keys, which suggests that the
developers of Stuxnet and Duqu also built at least three other pieces of
malware using the same platform, he added.
Those modules handle tasks including delivering the malware to a PC,
installing it, communicating with its operators, stealing data and
replicating itself.
Makers of anti-virus software including Kaspersky, U.S. firm Symantec
Corp and Japan's Trend Micro Inc have already incorporated technology
into their products to protect computers from becoming
infected with
Stuxnet and Duqu.
Yet it would be relatively easy for the developers of those highly
sophisticated viruses to create other weapons that can evade detection
by those anti-virus programs through the modules in the Tilded platform,
he said.
Kaspersky believes that Tilded traces back to at least 2007 because
specific code installed by Duqu was compiled from a device running a
Windows operating system on August 31, 2007.