Think about it this way. Flame was designed not to spread automatically, only when it was told to, meaning that a targeted attack like this would be difficult to discover since it affected a relatively few amount of computers compared to a virus designed to propagate at every opportunity, as well as the fact that fishing expedition was limited to only persons the owner were interested in.
Combine this with the fact that we're now dating the creation of the virus to at latest summer 2008 [1], and you've got a sophisticated surveillance mechanism that has been installed on thousands of computers and evaded detection for at least 5 years.
I'm sure there's lots more tricks that advanced virus authors like this have up their sleeve, but they're only useful to someone if they actually get used, and this seems to have paid off for whoever was behind this.
Combine this with the fact that we're now dating the creation of the virus to at latest summer 2008 [1], and you've got a sophisticated surveillance mechanism that has been installed on thousands of computers and evaded detection for at least 5 years.
I'm sure there's lots more tricks that advanced virus authors like this have up their sleeve, but they're only useful to someone if they actually get used, and this seems to have paid off for whoever was behind this.
[1] http://www.nation.com.pk/pakistan-news-newspaper-daily-engli...