TLDR: X.509 certificate collision attack where the uptime of the signing server appears to have been guessed successfully to an accuracy of 1 millisecond (!)
To be fair, they would have had to generate certs to push the serial # up to the collided cert anyway, so they could use those generated certs and observed network latency to know the uptime exactly... still very impressively executed.
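The two comments above hinge on the signing server's serial numbers being a plain counter, so each issued cert revealed the next serial. As an added illustration (not code from the thread), here is a constructed toy model contrasting counter serials with serials drawn from a CSPRNG, plus a defender-side audit that flags the predictable kind; the 64-bit threshold is the CA/Browser Forum minimum entropy requirement, and the function names are mine.

```python
import secrets


def sequential_serials(start: int, n: int) -> list[int]:
    """Constructed model of a counter-based CA: every issued cert reveals the next serial."""
    return [start + i for i in range(n)]


def random_serials(n: int) -> list[int]:
    """Constructed model of a CA that draws each serial from a CSPRNG.

    159 random bits fill a 20-byte serial (the RFC 5280 maximum) with the top bit
    clear, so the DER INTEGER stays positive while earlier certs reveal nothing
    about later ones.
    """
    return [secrets.randbits(159) for _ in range(n)]


def audit_serials(serials: list[int]) -> dict:
    """Defender-side check over serials observed from one issuer.

    Flags two symptoms of a guessable serial: any value shorter than 64 bits
    (below the CA/Browser Forum entropy floor) or successive certificates whose
    serials sit within a small window of each other, as a counter would produce.
    """
    if len(serials) < 2:
        raise ValueError("need at least two serials to judge spacing")
    min_bits = min(s.bit_length() for s in serials)
    gaps = [later - earlier for earlier, later in zip(serials, serials[1:])]
    small_step = any(0 < gap <= 1000 for gap in gaps)
    return {
        "min_bits": min_bits,
        "small_step": small_step,
        "predictable": min_bits < 64 or small_step,
    }


if __name__ == "__main__":
    # Counter serials are flagged; CSPRNG serials are not.
    print(audit_serials(sequential_serials(1000, 5)))
    print(audit_serials(random_serials(5)))
```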
Some further technical details:
Dump of the full certificate chain: http://blog.didierstevens.com/2012/06/06/flame-authenticode-...
Technical analysis and information about the certificate from Microsoft (MSRC): https://blogs.technet.com/b/srd/archive/2012/06/06/more-info...
Discussion on the [email protected] mailing list: http://www.mail-archive.com/[email protected]/msg02...