Charles Arthur, technology editor
guardian.co.uk, Tuesday 26 February 2013 18.19 GMT
Researchers at the security company Symantec have discovered an early version of the "Stuxnet" computer virus that was used to attack nuclear reprocessing plants in Iran, in what they say is a "missing link" dating back to 2005.
The discovery means that the US and Israel, who are believed to have jointly developed the software in order to carry out an almost undetectable attack on Iran's nuclear bomb-making ambitions, were working on the scheme long before it came to public notice – and that development of Stuxnet, and its forerunner, began under the presidency of George W Bush, rather than being a scheme hatched during Barack Obama's first term.
The older version of the virus, dubbed "Stuxnet 0.5" – to distinguish it from the "1.0" version – also targeted control systems in Iran's Natanz enrichment facility, the researchers said.
"Stuxnet 0.5 was submitted to a malware scanning service in November 2007 and could have begun operation as early as November 2005," Symantec notes in a report. It may have been submitted to see whether Symantec's defences would recognise it as malware – in which case it would have been useless. One key to Stuxnet's success was that it was not detected by conventional antivirus systems used in corporate and state computer systems.