Stuxnet set the bar for an advanced cyberweapon, with its ability to penetrate an air-gapped network, find systems controlling uranium-processing centrifuges, and physically destroy the hardware. Similarly, Flame sets the bar for a sophisticated cyberespionage operation, Kaspersky's Schouwenberg says.
The malware, first reported on in May, could spread within a network using the Windows update mechanism, a first for a malicious program. In addition, the attackers had found a way to generate a code-signing MD5 hash that exactly matched one used by Microsoft, allowing the program to bypass most security software. Once on a system, it would steal as much information as possible, using USB drives to exfiltrate data from computers not connected to the Internet.
"Overall, the quality is the probably the best that we've seen--the same or a bit above Stuxnet even," Schouwenberg says. "Being able to spread via Windows update blows everything out of the water."
Graphic: OpenDNS