The researchers found evidence that the command-and-control servers were set up to communicate with at least four pieces of malware.
Aside from Flame, none of the other three pieces of malware have been discovered yet, as far as the researchers know. But according to Raiu, they know that SPE is in the wild because a handful of machines infected with it contacted a sinkhole that Kaspersky set up in June to communicate with machines infected with Flame. They were surprised when malware that was not Flame contacted the sinkhole as soon as it went online. They only recently realized it was SPE. The SPE infections came in from Lebanon and Iran.
