Duqu last week when the Hungarian research laboratory Crysys shared its analysis of the new threat with the world's top antivirus vendors.

Believed to be closely related to the Stuxnet industrial sabotage worm, from which it borrows code and functionality, Duqu is a flexible malware delivery framework used for data exfiltration.

The main Trojan module has three components: a kernel driver, which injects a rogue library (DLL) into system processes; the DLL itself, which handles communication with the command-and-control server and other system operations, like writing registry entries or executing files; and a configuration file.

The secondary module is a keylogger with information-stealing capabilities, which was discovered together with the original Duqu version. It's not known with certainty when the malware appeared in the wild, but the first sample was submitted to the VirusTotal service on Sept. 9 from someone in Hungary.

Since then Kaspersky Lab , some of which were created on Oct. 17, and were found on computers in Sudan and Iran. "We know that there are at least 13 different driver files (and we have only six of them)," the Kaspersky researchers said.