Flame seems to be another military-grade cyber-weapon, this one optimized for espionage. The worm is at least two years old, and is mainly confined to computers in the Middle East. (It does not replicate and spread automatically, which is certainly so that its controllers can target it better and evade detection longer.) And its espionage capabilities are pretty impressive. We'll know more in the coming days and weeks as different groups start analyzing it and publishing their results.
Microsoft has a detailed blog post on the attack. The attackers managed to to get a valid codesigning certificate using a signer which only accepts restricted client certificates.
Posted on June 4, 2012 at 6:21 AM • 33 Comments