One of the key problems is that virtually any attack tool could be defined as a cyberweapon, depending upon the context, the target and the attacker. Certainly tools such as Duqu fall into that category, but so might simple remote-access Trojans under certain circumstances. Who makes that call? Right now, it's mainly made by either the victim or a security researcher on the outside.
"There's no definition of cyberweapons. What's the difference between cyberweapons and traditional ones?" said Eugene Kaspersky, CEO of Kaspersky Lab, in a discussion on Tuesday. "One difference is software is software. People can make a copy, disassemble it, learn its tricks."
Link to Original Source