Amid the exposure of Flame, its authors appear to be going to ground, using what control they have of the malware to force it to self-destruct and disappear (almost) without a trace.
Earlier this week, Kaspersky Lab noted that within hours of researchers announcing the discovery of Flame, the command and control infrastructure behind it went dark. This infrastructure mattered because Flame is initially configured to contact a number of these servers and then run the control scripts they serve. However, by 28 May -- the day that Flame's details began to emerge -- requests for these scripts were met with HTTP 403/404 errors, hampering efforts to learn more about the servers behind the malware.
Kaspersky Lab, with the assistance of GoDaddy and OpenDNS, attempted to sinkhole the malware's command and control domains; however, Symantec noted that this effort was only partially successful -- Flame's authors still controlled a few command and control servers, enough to communicate with some of the infected computers. "[Flame's authors] had retained control of their domain registration accounts, which allowed them to host these domains with a new hosting provider," Symantec wrote on its blog.
Read more of ZDNet Australia's "Flame lights its own self-destruct fuse."