Most don't build in so much sophisticated programming that they're able to restructure themselves, change themselves and their environment by manipulating the Windows registry, and choose which Windows process to build themselves into, so they can keep as close an eye as possible on everything going on within their own view while remaining invisible themselves.
Most virus writers who would like their code to check in with them periodically let each bit of it phone home. They don't have many instances of their code designate a spokes-virus to do their talking for them.
That's a lot more subtle than most viruses. It's more akin to the way Stuxnet moved into the Windows-based SCADA machines in Iran – but didn't just wreck the centrifuges. It slowed them down and changed the speed registers so the Iranian technicians didn't know right away that their bomb development had been Fubared and wouldn't guess their computers had been infected.
Duqu may not be the Son of Stuxnet.
Duqu may not be, as Symantec predicts, the precursor to a new, more powerful Stuxnet that will become an even fiercer saboteur.
But it's not a normal bit of malware. Its complexity and subtlety are much greater not only than those of most viruses, but than those of most malware carrying keyloggers or other data-stealing payloads.
On the other hand: The Obligatory Conspiracy Theory
It is that level of sophistication that leads some analysts to guess that only a national intelligence agency would have the resources, patience or desire to build a weapon like Duqu, let alone an organization big enough, and a desire for specific information persistent enough, to justify development and use of a tool that's more remote access than it is a fire-and-forget attack mechanism.
Duqu wasn't designed to invade a facility and just steal or break whatever the virus could reach. It was designed to give a staff of snoops remote control over agents they could re-use, reconfigure and redirect during an intelligence operation with specific targets and time limits.
That sounds a lot like a national intelligence agency. Nothing else fits quite as easily.
It also sounds like what a sophisticated criminal organization might build that was interested in expanding beyond identity theft and fraud, or even beyond smash-and-grab raids for information it could resell as industrial espionage.
If that's the business you were going into, you'd want a tool that was effective enough to get the job done, subtle enough not to warn the victim you're coming or give too much evidence to the law that you'd been there, and that was changeable enough to adapt to the technical infrastructure of new victims and the differing requirements of clients wanting different types of information, for different reasons, from different types of targets.
Symantec: Duqu: the precursor to the next Stuxnet, flowchart of Duqu installation procedure.