Flame became public in May after Iran discovered the malware had been used to infect computers in its oil ministry. It was quickly linked with Stuxnet, which was used to disrupt Iran's uranium refinement equipment, and was suspected to have been developed by other countries, possibly the U.S. and Israel, due to its sophistication and targeting.

The latest research is the result of a combined effort by Symantec, Kaspersky Lab, the International Telecommunication Union's (ITU) IMPACT cybersecurity team, Germany's Computer Emergency Response Team for Bundesbehörden and its Federal Office for Information Security (BSI).

The study found that the command-and-control mechanisms for Flame may have been developed as far back as December 2006, making the malware much older than previously thought, according to a by Kaspersky Lab. It had been circulating in the wild since around 2010, but its creation date had been unknown until now.

Among the other significant findings is that Flame's command-and-control system handled three types of malware that have not been examined by researchers and whose purpose is unknown. Other clues showed those malware types may still be under development or not yet activated.

Flame is the Swiss Army knife of spying tools: It can collect data entered into forms, collect passwords, record audio and capture screenshots. It may have played a reconnaissance role to scout out systems for later infection by Stuxnet, which disrupted industrial control systems made by Siemens and used by Iran for refining uranium.