Anup Ghosh, founder and CEO of Invincea, a security software vendor, said the detection tool "will be distributed among all the anti-virus vendors." He added: "But that's only good for this version. As soon as they make a change -- and they will -- it will no longer detect it."

Kaspersky said Gauss had infected about 2,500 machines in Lebanon, Israel and the Palestinian territories, with the majority -- 1,660 -- in Lebanon.

This, say a number of analysts, suggests that while it may also have destructive capabilities, the purpose of the financial component is not to steal but to spy on transactions.

But at least some of them suspect that the U.S. sponsored it. "The code base can be traced back to Stuxnet, Flame and Duqu," said Ghosh. "But let's not jump to conclusions based on code. The U.S. doesn't really engage in this kind of thing -- which is not to say that Israel would not."