The CrySyS Duqu Detector Toolkit includes four standalone forensic tools CrySyS developed, that use both signatures and heuristics to look for files changed in ways characteristic of Duqu.
Detection isn't perfect, however, according to the toolkit's release notes, so admins should check results themselves to avoid expensive repairs following a false positive.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
Iranian nuclear development facility. Reuters/Raheb Homavandi