Although, the virus Flame is no longer spreading and most of its command-and control servers discovered, it remains what security professionals have been terrified of – mimicking Microsoft’s Windows update mechanism and spreading through it.
Mikko Hypponen, chief research officer at F-Secure states that ‘Having a Microsoft code signing certificate is the Holy Grail of malware writers. This has now happened. I guess the good news is that this wasn’t done by cyber criminals interested in financial benefit. They could have infected millions of computers. Instead, this technique has been used in targeted attacks, most likely launched by a Western intelligence agency.’
Read more here – http://www.f-secure.com/weblog/archives/00002377.html
Read about Microsoft’s security fix here – http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx