Originally Posted By: grelber
Flame virus set to spread like wildfire

It is claimed that Flame is "perhaps the most sophisticated piece of malicious software ever designed".


The idea that it is "spreading like wildfire," however, is hyperbole; it's actually one of the rarest and least-spreading bits of malware in the world. It's been confirmed to have infected fewer than 1,000 systems; by way of comparison, the OS X Flashback Trojan infected more than 600,000, and W32/Zlob (my own personal favorite) is known to have infected somewhere between 4 million and 5 million. Even specialized, small-scale malware like W32/Asprox, which infects Windows computers running Web server software, infected about 12,000 systems in a single day.

So by way of comparison, not only is Flame not spreading like wildfire, just the opposite--it's extremely narrowly targeted, affecting only carefully selected computers in key industrial applications in certain very highly specific places.

The analysis I've read suggests that while Flame is certainly very highly sophisticated, and was almost certainly financed at a cost of millions of dollars by a governmental agency (Iran is pointing the finger at Israel, but it's not impossible the US was behind it), it isn't the most sophisticated bit of malware ever designed...that would probably be Stuxnet. Flame doesn't seem to spread by several zero-day exploits. Its main claim to sophistication is that once it has infected a system, its operators can upload different modules to the infected computer for different purposes. These modules, written in a scripting language called Lua, can perform different functions--acting as a keylogger, intercepting email, taking screenshots, deleting files, and so on--but each of those modules is not, in and of itself, that sophisticated.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html