[6] The program also records Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices.
[6] According to estimates by Kaspersky in May 2012, Flame had initially infected approximately 1,000 machines,[7] with victims including governmental organizations, educational institutions and private individuals.
Using a sophisticated strategy, Flame managed to penetrate numerous computers across the Middle East by falsifying an authentic Microsoft security certificate.
[7] Due to the size and complexity of the program—described as "twenty times" more complicated than Stuxnet—the Lab stated that a full analysis could require as long as ten years.
[7] On 28 May, Iran's CERT announced that it had developed a detection program and a removal tool for Flame, and had been distributing these to "select organizations" for several weeks.
[18] According to estimates by Kaspersky in May 2012, initially Flame had infected approximately 1,000 machines,[7] with victims including governmental organizations, educational institutions and private individuals.
It is written partly in the Lua scripting language with compiled C++ code linked in, and allows other attack modules to be loaded after initial infection.
[19] Flame is not designed to deactivate automatically, but supports a "kill" function that makes it eliminate all traces of its files and operation from a system on receipt of a module from its controllers.
[22] Like the previously known cyber weapons Stuxnet and Duqu, it is employed in a targeted manner and can evade current security software through rootkit functionality.
[24] Using a technique known as sinkholing, Kaspersky demonstrated that "a huge majority of targets" were within Iran, with the attackers particularly seeking AutoCAD drawings, PDFs, and text files.
[25] On 19 June 2012, The Washington Post published an article claiming that Flame was jointly developed by the U.S. National Security Agency, CIA and Israel's military at least five years prior.
[26] According to Kaspersky's chief malware expert, "the geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it.
[29] The Daily Telegraph reported that due to Flame's apparent targets—which included Iran, Syria, and the West Bank—Israel became "many commentators' prime suspect".
[27] The Jerusalem Post wrote that Israel's Vice Prime Minister Moshe Ya'alon appeared to have hinted that his government was responsible,[27] but an Israeli spokesperson later denied that this had been implied.
[30] Unnamed Israeli security officials suggested that the infected machines found in Israel may imply that the virus could be traced to the U.S. or other Western nations.