After analyzing the software code from the Aramco attack, security experts say that the event involved a company insider, or insiders, with privileged access to Aramco’s network. The virus could have been carried on a USB memory stick that was inserted into a PC.

Aramco’s attackers posted blocks of I.P. addresses of thousands of Aramco PCs online as proof of the attack. Researchers say that only an Aramco employee or contractor with access to the company’s internal network would have been able to grab that list from a disconnected computer inside Aramco’s network and put it online.

Neither researchers nor officials have disclosed the names of the attackers involved. Saudi Aramco said in a statement that it was inappropriate to comment amid an investigation. The company further stated that it does not comment on rumor or speculation.

American intelligence officials blame Iran for a similar, subsequent attack on RasGas, the Qatari natural gas giant, two weeks after the Aramco attack. They also believe Iran engineered computer attacks that intermittently took America’s largest banks offline in September, and last week disrupted the online banking Web sites of Capital One and BB&T.

Multiple requests for comment from Iran’s interests office in Washington and to Iran’s mission to the United Nations in New York brought no response.

The finger-pointing demonstrates the growing concern in the United States among government officials and private industry that other countries have the technology and skill to initiate attacks. “The Iranians were faster in developing an attack capability and bolder in using it than we had expected,” said James A. Lewis, a former diplomat and cybersecurity expert at the Center for Strategic and International Studies. “Both sides are going through a dance to figure out how much they want to turn this into a fight.”

More than two months after the Aramco attack, the company continues to deal with the aftermath. Still, this month employees were not able to gain access to their corporate e-mail and internal network for several days. Until the company’s executives decide its systems are secure, employees can no longer access Aramco’s internal network remotely.

The attack, intelligence officials say, was a wake-up call. “It proved you don’t have to be sophisticated to do a lot of damage,” said Richard A. Clarke, the former counterterrorism official at the National Security Council. “There are lots of targets in the U.S. where they could do the same thing. The attacks were intended to say: ‘If you mess with us, you can expect retaliation.’ ”