An essay examining the question:
[I]t is now less clear what kind of events should reasonably trigger a war, as well as how and when new technologies may be used. With cyberweapons, a war theoretically could be waged without casualties or political risk, so their attractiveness is great — maybe so irresistible that nations are tempted to use them before such aggression is justified.
Roger Crisp counters, suggesting that cyber weapons "aren’t as novel" as people think:
A not uncommon experience when cycling home in Oxford late at night is for groups of drunken youths to shout abuse at one from a passing car. That’s aggression, but there’s no danger to my life or even my well-being (since it doesn’t bother me in the slightest). As Lin et al. say, it may indeed be difficult to distinguish a cyberattack from, say, espionage. But such grey areas are nothing new in warfare, especially since many possibly aggressive actions are in potential violation of treaties which are themselves open to differing interpretations. I see no reason, then, to conclude that traditional military ethics would not see even an unsuccessful attempt by a state to install malicious software in its enemy’s computer system as constituting an act of war deserving an appopriate, possibly military, response.
Previous Dish on the ethics of computer viruses here.