Here's the essentials, according to Szor:
- There's been no control system involvement
- Duqu is not targeting energy or utility assets
- Attacks have been observed in the UK, US and Iran
- Also maybe in Austria, Hungary and Indonesia
- The command and control server is/was based somewhere in India
That's it. I hadn't posted on Duqu yet because I was trying to gauge its potential impact on our industry before making an alarmingly sound myself.
So far it looks like you can go back to security business as usual, which means you're paranoid, anxious and jumpy, and that a note like this telling you Duqu is harmless only makes you more certain that it's anything but.
Such is life in this happy profession.