Firstly, there is nothing at all special or interesting about how Flame removes itself. It deletes a list of files that the author knows they created.
Secondly, you have to remember that these companies employ many free-thinking humans with varied jobs and abilities. Among those are some skilled analysts who simply take apart viruses for a paycheck. A lot of AV companies have at least a few people who are best of breed at this stuff. They post writeups and share the work of what is interesting. Marketing is generally not involved in the technical blog posts that you see.
> Firstly, there is nothing at all special or interesting about how Flame removes itself.
Actually, I'd disagree. The interesting thing for me is that it overwrites memory locations to thwart memory forensics. This isn't a common thing at all, but is something that I covered in a talk at a DC4420 meeting a year or two ago.