It can also sniff network traffic and try to expand its toehold by cracking the encryption and passwords protecting other machines on the net.
Flame uses as many as 80 domains to contact a dozen or so domains housing its command-and-control servers, according to Ars Technica.
Symantec's report calls Flame "highly sophisticated and discreet" in operation, rarely doing anything overt to advertise its presence. One exception, Symantec suggested, is that Flame is the same software that caused a loss of data during an attack on the Iranian Oil Ministry, according to Iran's own emergency cyber-response teams.
Security company Webroot claims to have detected Flame in 2007, but didn't react because "the code was not particularly menacing," according to the San Jose Mercury News.
Flame uses the same weakness in Windows that Duqu exploits, making it possible the two were built by the same sources, Kaspersky reported.
All in all, Flame is the kind of major software project that could only be conceived or completed by a large sophisticated organization, according to Kaspersky's report.
Kaspersky's theory is that there were at least two groups of programmers, who may or may not have overlapped with the malware writers who coded Stuxnet and Duqu.
The Flame team was at least as large and capable as those who wrote the last two super cybersecurity threats: professional groups whose coders have a clear idea of their goal, plenty of leeway to experiment with unusual coding or data-collection approaches and confidence that the end result would have few quality, performance or interoperability problems – not the kind of work typically done by random collections of hackers in East European sweatshops.
The need for their code to act secretly provided an extra incentive to have it run correctly and to avoid causing any undue delays in either network or workstation performance, CrySys and Kaspersky reports concluded.
If only Windows installed, distributed its patches and functioned as flawlessly as that.
Maybe it's time for Microsoft to add another function to the unsustainably long list it already is paring down for the final release of Windows 8: Stealth installs.
If it had to run more like flame to keep from being discovered and eliminated, Windows might have to learn a lot better manners than anyone has so far been able to teach it.