TLDR: X.509 certificate collision attack where the uptime of the signing server appears to have been guessed successfully to an accuracy of 1 millisecond (!)<p>Some further technical details:<p>Dump of the full certificate chain: <a href="http://blog.didierstevens.com/2012/06/06/flame-authenticode-dumps-kb2718704/" rel="nofollow">http://blog.didierstevens.com/2012/06/06/flame-authenticode-...</a><p>Technical analysis and information about the certificate from Microsoft (MSRC): <a href="https://blogs.technet.com/b/srd/archive/2012/06/06/more-information-about-the-digital-certificates-used-to-sign-the-flame-malware.aspx" rel="nofollow">https://blogs.technet.com/b/srd/archive/2012/06/06/more-info...</a><p>Discussion on the cryptography@randombit.net mailing list: <a href="http://www.mail-archive.com/cryptography@randombit.net/msg02916.html" rel="nofollow">http://www.mail-archive.com/cryptography@randombit.net/msg02...</a>