Much has been written lately about the provenance of the Flame malware. Recent reports suggest that it was a joint project of the United States and Israel. Now comes the startling revelation that Flame used a hitherto unknown MD5 collision attack to forge a Microsoft certificate used for security updates.
Cryptanalist Marc Stevens who published the first practical MD5 collision attack in 2009 has analyzed the MD5 collision attack in Flame and concluded that it used a previously unknown attack. This suggests, he says, that the team who wrote Flame included world-class cryptanalysts and mathematicians.
After Stevens revealed his attack, the use of MD5 to authenticate certificates was deprecated and its use quickly died out. Microsoft, however, continued to use a certificate signed with MD5 for its security updates and that was how Flame was able to infect its targets.