Flame installs itself on a target computer by hijacking the Windows Update system. Normal updates are signed with a digital certificate that verifies their origin, but Flame's creators were able to fake their own certificate.
Such certificates rely on a hash algorithm that converts any digital data into a short sequence of characters, and it is this sequence that gets signed. It isn't possible to recover the original data from this sequence, but it can be used to verify it, allowing the hash sequence to act as a virtual "signature". Crucially, it should be very difficult to discover two pieces of data that convert to the same hash sequence - otherwise someone can perform a "collision attack", producing spoof data whose hash sequence matches that of the genuine data, so that the genuine signature also vouches for the spoof.
That's exactly what Flame's authors have done, though it isn't the first time the feat has been achieved. In 2008 cryptographer Mark Stevens and colleagues showed that the oft-used MD5 hash algorithm is vulnerable to collision attacks - a feat that required 200 PlayStation 3 consoles to crunch through the numbers to find a match.
Now Stevens and others have analysed Flame's code and discovered it uses a previously unseen variant of the attack, probably developed before his research was published, allowing the attackers to calculate the exact hash sequence used by Microsoft's update system.
"The results have shown that not our published chosen-prefix collision attack was used, but an entirely new and unknown variant," says Stevens. "This has led to our conclusion that the design of Flame is partly based on world-class cryptanalysis."
Whoever designed Flame, they are now trying to cover their tracks. Antivirus firm Symantec says that computers infected with Flame have received a "suicide" update module designed to completely remove the worm. It appears that this module was created on 9 May, just a few weeks before the malware became publicly known.
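Why a hash collision undermines a signature, as an added example that is not part of the original article and is not Flame's attack: a signature covers only the hash sequence, so two pieces of data with the same hash share one signature. It assumes a deliberately weakened hash (MD5 truncated to 24 bits) so a collision is found quickly, uses HMAC as a stand-in for the issuer's signature, and all names and sample values are constructed.

```python
import hashlib
import hmac

def weak_hash(data: bytes) -> bytes:
    # Assumption: MD5 cut to 24 bits, so a collision turns up quickly.
    return hashlib.md5(data).digest()[:3]

def strong_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def sign(key: bytes, data: bytes, hash_fn) -> bytes:
    # Hash-then-sign: only the digest is authenticated, never the data itself.
    # HMAC-SHA256 stands in for the issuer's private-key signature.
    return hmac.new(key, hash_fn(data), hashlib.sha256).digest()

def verify(key: bytes, data: bytes, signature: bytes, hash_fn) -> bool:
    return hmac.compare_digest(sign(key, data, hash_fn), signature)

def find_collision(prefix_a: bytes, prefix_b: bytes):
    # Birthday search: vary a counter suffix until a message starting with
    # prefix_b has the same weak digest as one starting with prefix_a.
    seen = {}
    counter = 0
    while True:
        suffix = str(counter).encode()
        seen.setdefault(weak_hash(prefix_a + suffix), prefix_a + suffix)
        candidate = prefix_b + suffix
        match = seen.get(weak_hash(candidate))
        if match is not None:
            return match, candidate
        counter += 1

def demo() -> dict:
    key = b"constructed-issuer-key"  # constructed sample value
    benign, altered = find_collision(b"benign-doc-", b"altered-doc-")
    return {
        "benign": benign,
        "altered": altered,
        # Signature issued over the benign data also validates the altered data.
        "weak_accepts_altered": verify(key, altered, sign(key, benign, weak_hash), weak_hash),
        # With a collision-resistant hash the same substitution is rejected.
        "strong_accepts_altered": verify(key, altered, sign(key, benign, strong_hash), strong_hash),
    }

if __name__ == "__main__":
    print(demo())
```

The contrast between the two results is the defensive point: the signing key was never exposed, and replacing the hash algorithm alone is enough to make the substituted data fail verification.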