Now that Flame has been exposed, Iran is taking defensive measures. Iran's CERT said it developed a Flame detector over the past few weeks and it is spreading around a removal tool to rid the government's systems of the virus.
Computer viruses don't stay where you put them, and Iran probably isn't the only victim.
A Hungarian research lab that has been doing its own analysis said it has found traces of the bug in Europe and the United Arab Emirates. The lab, which began studying the virus this month, estimates that it may have been active "for as long as five to eight years."
So if Flame was spying, who was it spying for?
The Iranian CERT team said it believes there is a "close relation" between Flame two previous cyber attacks on Iran, known as the Stuxnet and Duqu computer worms.
"Stuxnet" is a word that sends a shiver of fear through cybersecurity pros.
In an extensive feature on the virus, Vanity Fair calls it "one of the great technical blockbusters in malware history." The bug targets "industrial control systems" -- that's jargon for critical national infrastructure -- and it had the unprecedented ability to sabotage its target and then cover its tracks.
Stuxnet was used to attack Iran's nuclear program in 2010. The virus caused centrifuges in a targeted facility to spin out of control, ultimately destroying it.
A related bug, Duqu, also targeted Iran's nuclear program. It was discovered last year and shows evidence of having been developed by engineers with access to Stuxnet's source code.
Who are those engineers? The widespread industry belief is that Stuxnet was created by the United States, Israel, or through the collaboration of both.