Researchers identify Stuxnet-like cyberespionage malware called 'Flame'

28.05.2012

When infecting computers that are protected by antivirus programs, Flame avoids performing certain actions or executing malicious code that might trigger a proactive detection from those security applications. This is one of the reasons that the malware flew under the radar for so long, Kamluk said.

By checking the data from its worldwide network of malware sensors, Kaspersky Lab has managed to identify current and past Flame infections in the Middle East and Africa, predominantly in countries like Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

However, antivirus vendor Symantec also saw infection reports in Hungary, Austria, Russia, Hong Kong and the United Arab Emirates. The company doesn't dismiss the possibility that these infection reports originated from laptops that were temporarily taken abroad by travellers.

It's hard to tell what type of information the Flame authors are after, given the wide variety of data that the malware can steal and send back to the command and control servers. A decision regarding which of the malware's modules and functionality to use is probably taken by the attackers for each particular target on a case-by-case basis, Kamluk said.

The targeted organizations don't seem to follow an industry-specific pattern, either. The malware has infected computers belonging to government agencies, educational institutions and commercial companies as well as computers owned by private individuals.