Story

A new variant of the Duqu worm has been spotted

A new version of W32.Duqu has been identified. The file we received is only one component of the Duqu threat; however, it is the loader file used to load the rest of the threat when the computer restarts (the rest of the threat is stored encrypted on disk). (Symantec blog)

Duqu appeared very similar to the Stuxnet worm from June of 2010, which infected Iran's Natanz nuclear facilities.

Duqu was written by the same authors, or by those who have access to the Stuxnet source code, and the recovered samples were created after the last-discovered version of Stuxnet.

Duqu’s purpose is to gather intelligence data and assets from entities such as industrial infrastructure and system manufacturers, amongst others not in the industrial sector, in order to more easily conduct a future attack against another third party.

The attackers are looking for information such as design documents that could help them mount a future attack on various industries, including industrial control system facilities.

The compile date on the new Duqu component is February 23, 2012, so this new version has not been in the wild for very long. Checking the code, we can see the authors have changed just enough of the threat to evade some security product detections, although this appears to have only been partially successful. (Symantec blog)