Duqu, Stuxnet link unclear

27.10.2011

Both Duqu and Stuxnet use a kernel driver to decrypt and load certain encrypted files on the infected computer. The kernel driver serves as an "injection engine" for loading the files into a specific process, according to SecureWorks. "The kernel drivers for both Stuxnet and Duqu use many similar techniques for encryption and stealth, such as a rootkit for hiding files," the security vendor said in its report.

But that doesn't mean the two are directly related, Ramsey said, noting that kernel-level rootkits have been used before and are not unique to Stuxnet or Duqu. Previously discovered malware threats such as BlackEnergy 2 and Rustock both used a similar kernel-level rootkit, Ramsey said.

The fact that Duqu's kernel driver was signed using a code signing certificate associated with Stuxnet has been held up as a sign that the two are related. But compromised signing certificates such as the one used by Duqu can be obtained from several sources, Ramsey said. Someone would have to prove that the source of both the Duqu and Stuxnet certificates was the same in order to draw a definite conclusion, he said.
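A practical first step toward the comparison Ramsey describes is to pull the Authenticode signer details from both drivers and compare them field by field, rather than stopping at "both are signed". The following PowerShell is an added example, not code from the article or from SecureWorks; the two file paths are placeholders you would replace with the driver samples you actually hold, and the script assumes nothing about which certificates those samples carry.

```powershell
# Added example: compare the Authenticode signers of two driver files.
# Paths are placeholders (assumption); substitute the samples under analysis.
$samples = @{
    'Stuxnet driver' = 'C:\samples\stuxnet\mrxcls.sys'
    'Duqu driver'    = 'C:\samples\duqu\driver.sys'
}

function Get-SignerSummary {
    param([string]$Label, [string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        Sample      = $Label
        Status      = $sig.Status            # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        Serial      = $cert.SerialNumber
        Thumbprint  = $cert.Thumbprint       # SHA-1 of the leaf certificate
        NotBefore   = $cert.NotBefore
        NotAfter    = $cert.NotAfter
        Timestamped = [bool]$sig.TimeStamperCertificate
    }
}

$rows = foreach ($entry in $samples.GetEnumerator()) {
    Get-SignerSummary -Label $entry.Key -Path $entry.Value
}
$rows | Format-List

# Same leaf certificate (thumbprint) is the strong signal; a matching Subject
# alone only shows the same company name, and a matching Issuer only shows
# the same CA, which is what Ramsey's caveat is about.
$thumbs = $rows | Select-Object -ExpandProperty Thumbprint -Unique
if ($thumbs.Count -eq 1) {
    Write-Output "Both drivers were signed with the same certificate: $thumbs"
} else {
    Write-Output "Different signing certificates; shared Issuer/Subject alone does not tie the samples together."
}
```

Note that a stolen but not yet revoked certificate yields `Status = Valid`, so a Valid result says nothing about who held the key; the thumbprint and serial number are the fields worth comparing, and the timestamp presence tells you whether the signature survives a later revocation.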

Other than the similarities in the kernel drivers, Duqu and Stuxnet are quite different, Ramsey said.

Duqu is designed purely for data theft and for providing remote access to a compromised system; Stuxnet was purpose-built for attacking industrial control systems. There's nothing in Duqu to suggest it was designed specifically to steal ICS data.