But if the timelines are such that it looks like Flame was created after the bugs exploited by Stuxnet went public, well, then all bets are off: The Flame team could have simply used what had been disclosed to make their own exploits of the vulnerabilities, standing on the shoulders of Stuxnet.

"We're going to have to spend a lot of time analyzing Flame before we know for certain," said O Murchu.

Kaspersky and Symantec have pledged to publish more information about Flame as they find it.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at , on or subscribe to . His email address is .

See .