Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers: Word is that Flame will make Stuxnet look like a toy by comparison.
The malware, which is 20 megabytes when all of its modules are installed, contains multiple libraries, SQLite3 databases, various levels of encryption — some strong, some weak — and 20 plug-ins that can be swapped in and out to provide various functionality for the attackers. It even contains some code that is written in the LUA programming language — an uncommon choice for malware.
Kaspersky Lab is calling it “one of the most complex threats ever discovered.”
Lua? Bonus points. And when you’re malware is so complex that it needs its own SQL database to store information, then you’ve got quite a piece of work there.