Joseph Weiss, managing partner at Applied Control Systems LLC and author of the book Protecting Industrial Control Systems from Electronic Threat, said that any information gained by Duqu was likely already obtained using the Stuxnet trojan.

"They did all the data exfiltration with Stuxnet. Why would they do it again? It doesn't make sense," he said.

Also, because security experts are publicly on the lookout for Stuxnet-like threats, it's unlikely that attackers would use the same kind of code or methods, he said.

"I would be a lot more concerned if someone came with a different approach," he said. "It's like after 9/11 when everybody was looking for planes hitting buildings. Nobody was looking for a shoe bomber."

Dale Peterson, CEO of Digital Bond, a consulting firm specializing in control system security, said that the fact that Duqu may have been found in a system belonging to an ICS vendor is not significant by itself.