Complex virus stops infection if it finds victim is uninteresting.
A trojan virus is targeting the global energy sector, according the security vendor Symantec.
The Laziok virus was found attacking the industry throughout January and February of this year, in a bid to gather data from compromised computers that is part of a wider campaign primarily focused on the Middle East.
Christian Tripputi, security response manager at Symantec, wrote on the firm’s blog: "The detailed information enables the attacker to make crucial decisions about how to proceed further with the attack, or to halt the attack.
"During the course of our research, we found that the majority of the targets were linked to the petroleum, gas and helium industries, suggesting that whoever is behind these attacks may have a strategic interest in the affairs of the companies affected."
Victims are said to be initially infected through a spam campaign, with the infection usually spread through a Microsoft Excel attachment by exploiting a flaw in the software framework ActiveX.
Once Laziok has been installed on the computer it is then works out if the victim is of interest, and actually stops the infection if it finds otherwise.
However if the target is of value the trojan proceeds to infect it with a backdoor known as Cyberat and another trojan known as Zbot or Zeus, both of which are altered depending on the specs of the compromised computer.
"The group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and used their attack to distribute well-known threats that are available in the underground market," said Tripputi.
"However, many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind."