The thing I find most interesting about Flame: whoever developed it surely understood that by being released into the wild like this, their new cryptographic attack was guaranteed to eventually be discovered and analyzed. And yet they spent that attack's secrecy on a (very sophisticated, but still) fishing expedition.
So what cryptanalytical capabilities do they have which are considered too sensitive to expose via malware?
Bear in mind that attacks on MD5 have an inherently limited shelf life, and that while the exploit used in Flame may be new, the underlying vulnerability and the fundamental technique used to exploit it are very well known.
Think about it this way. Flame was designed not to spread automatically, only when it was told to, meaning that a targeted attack like this would be difficult to discover since it affected a relatively few amount of computers compared to a virus designed to propagate at every opportunity, as well as the fact that fishing expedition was limited to only persons the owner were interested in.
Combine this with the fact that we're now dating the creation of the virus to at latest summer 2008 [1], and you've got a sophisticated surveillance mechanism that has been installed on thousands of computers and evaded detection for at least 5 years.
I'm sure there's lots more tricks that advanced virus authors like this have up their sleeve, but they're only useful to someone if they actually get used, and this seems to have paid off for whoever was behind this.
So what cryptanalytical capabilities do they have which are considered too sensitive to expose via malware?