The Washington Post reports that Flame, an extremely sophisticated virus which was first discovered in Iranian oil refineries, is the brainchild of U.S. and Israeli efforts to slow Iran's nuclear program. This information comes from several Western officials who purportedly have knowledge of the project, but wish to remain anonymous.
Despite the report's veiled sources, Flame's U.S. origins aren't necessarily a surprise. Earlier this month, the New York Times shed light upon Operation: Olympic Games, a U.S. project which utilized other sophisticated viruses known as Duqu and Stuxnet. These viruses targeted Iranian SCADA systems, allowing their creators to access, gather intelligence on and even control certain aspects of Iran's nuclear and oil refining facilities.
Security researchers recently discovered Stuxnet code within Flame – an unofficial confirmation that the creators of Stuxnet (i.e. U.S. government) were also behind the virus. After this discovery was made, the virus began to self-destruct, hastily removing itself from infected computers as though it were taking cues from a spy novel.
Flame wowed security researchers with its incredible sophistication. The 20MB virus carried a payload which could be transmitted through spoofing Windows Updates, allowing it to infect even non-compromised computers on the same network. The creators used what is believed to be an unknown MD5 collision attack to forge Microsoft's digital signature on a fraudulent certificate, an achievement which was described by security researchers as the holy grail of malware writers.
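The practical defensive takeaway from the forged-certificate story is that a code-signing or update chain should never accept a signature made with a collision-prone hash. The following Python, added here as an illustration and not code from the article or from any researcher quoted in it, walks the outer DER structure of an X.509 certificate, extracts the `signatureAlgorithm` OID and refuses MD5- and MD2-based RSA signatures. The sample certificates it checks are constructed skeletons (a placeholder `tbsCertificate`, a zero-filled signature), not real certificates, and the `make_sample_cert` helper exists only to build them.

```python
"""Reject X.509 certificates whose signature uses an MD5-family algorithm.

Added example, not from the article. Uses a minimal DER reader so it runs
without third-party libraries; the certificates are constructed inline.
"""

# Real, well-known AlgorithmIdentifier OIDs (dotted form).
MD2_RSA = "1.2.840.113549.1.1.2"      # md2WithRSAEncryption
MD5_RSA = "1.2.840.113549.1.1.4"      # md5WithRSAEncryption
SHA1_RSA = "1.2.840.113549.1.1.5"     # sha1WithRSAEncryption
SHA256_RSA = "1.2.840.113549.1.1.11"  # sha256WithRSAEncryption

# Algorithms a verifier should refuse outright (collision attacks are practical).
WEAK_OIDS = {MD2_RSA: "md2WithRSAEncryption", MD5_RSA: "md5WithRSAEncryption"}


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos -> (tag, content, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(content):
    """Turn OBJECT IDENTIFIER content octets into dotted-decimal form."""
    arcs = [content[0] // 40, content[0] % 40]
    cur = 0
    for b in content[1:]:
        cur = (cur << 7) | (b & 0x7F)      # base-128, high bit = continuation
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm_oid(cert_der):
    """Return the dotted OID of Certificate.signatureAlgorithm (RFC 5280 layout)."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    _, _, pos = _read_tlv(cert, 0)         # skip tbsCertificate
    tag, algid, _ = _read_tlv(cert, pos)   # signatureAlgorithm AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid, _ = _read_tlv(algid, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid)


def check_certificate(cert_der):
    """(accepted, detail): False plus a reason for MD2/MD5 signatures, else True plus OID."""
    oid = signature_algorithm_oid(cert_der)
    if oid in WEAK_OIDS:
        return False, "weak signature algorithm %s (%s)" % (WEAK_OIDS[oid], oid)
    return True, oid


# --- constructed sample data (hypothetical helper, not a real certificate) ---

def _tlv(tag, content):
    """Encode one DER TLV with short- or long-form length."""
    n = len(content)
    if n < 128:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _encode_oid(dotted):
    """Encode a dotted OID string into OBJECT IDENTIFIER content octets."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, (a & 0x7F) | 0x80)
            a >>= 7
        out += bytes(chunk)
    return out


def make_sample_cert(sig_oid):
    """Build a constructed certificate skeleton whose signatureAlgorithm is sig_oid."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))                       # placeholder tbsCertificate
    algid = _tlv(0x30, _tlv(0x06, _encode_oid(sig_oid)) + b"\x05\x00")  # OID + NULL params
    sig = _tlv(0x03, b"\x00" + bytes(256))                      # zero-filled 2048-bit signature
    return _tlv(0x30, tbs + algid + sig)


if __name__ == "__main__":
    for name, oid in (("md5", MD5_RSA), ("sha1", SHA1_RSA), ("sha256", SHA256_RSA)):
        print(name, check_certificate(make_sample_cert(oid)))
```

The check runs on the outer `signatureAlgorithm` only; a production verifier would apply the same rule to every certificate in the chain and to the `signature` field inside `tbsCertificate`, which by RFC 5280 must agree with the outer one.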
Flame also has modules which could utilize microphones and web cameras, log keystrokes, collect screenshots and allow it to propagate via removable media (i.e. USB thumb drives), allowing it to be introduced into sensitive networks isolated from the public Internet. It would even use Bluetooth to send commands to other computers, providing a bevy of vectors for infecting, monitoring and controlling nearby workstations.