Independent researchers in Europe have shared the malware code with researchers at McAfee and Symantec, and all parties agree that Duqu is built on the same source code as Stuxnet. A from Symantec explains, "Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered."

Although the core code may be the same, A McAfee Labs blog post says that Duqu does not have the PLC-compromising capabilities of its predecessor. Duqu installs drivers and encrypted DLLs on infected machines similar to the original Stuxnet, though, and that the code used for the injection attack, and several of the encryption keys and techniques used by Duqu are all close to those used by Stuxnet.

After analyzing the captured code, researchers believe that Duqu is specifically designed to target certificate authorities. Certificate authorities are trusted sources of digital certificates used to verify authenticity of servers and ensure that the systems you connect to on the Internet are what they claim to be. Attackers in possession of rogue certificates may be able to lure or redirect victims to rogue servers while appearing to be a legitimate server.

The trust on which the Web relies has already been shaken a couple times this year. First with the and compromise of the encryption keys used in the SecurID two-factor authentication tokens, and more recently with the --a certificate authority.

The payload of Duqu is quite different from Stuxnet. Stuxnet was designed to sabotage industrial control systems, but Duqu provides remote command and control capabilities, and sophisticated keylogger tools. It seems to be intended to infiltrate and gather sensitive information--possibly for use in a future attack of another kind.