Flame Nightmare: stolen Microsoft certs spoof Microsoft Update

07.06.2012

"A lot of malware these days ships with stolen certificates. The original Stuxnet shipped with a stolen Realtek key. It seems like stealing a code-signing key hasn't been much of a problem for the folks that are doing targeted attacks.

"The only thing that jumped out as being incredibly difficult (in Stuxnet) were the PLC code--actually modifying the hardware et cetera--and some of the exploits were just off-the-wall crazy and really good bugs that I'm surprised no one ever found before.

"For Flame, it's not quite as clear that it's anywhere near the same level of complexity or that it really has anything sophisticated. It didn't sound like there were any new vulnerabilities or new exploits being exploited by it, it just was basically a new automation kit."