
They did, but it seems that those certificates had some extensions that made the code-signing attack difficult to carry out on some versions of Windows, so the collisions were used to generate certs without those extensions. (I read this at http://blog.cryptographyengineering.com/2012/06/flame-certif...)


I see; on Vista and above, certain fields in the certificate prevent it from being accepted for code signature. So they did a collision attack to create a slightly twisted certificate where all those fields are tucked away in a useless segment and ignored.

Are there any details on what's new with this particular attack, compared to the known previously published ones? Why wouldn't earlier public research (such as that PS3 fake SSL CA stunt) suffice?


I believe the phrase you're searching for is "awesome applied crypto research." :-) http://www.win.tue.nl/hashclash/rogue-ca/

We don't yet have details on the differences. I've looked at the evil colliding cert and, AFAICT, the "MD5 Considered Harmful" technique would probably have been sufficient to pull this off.


Thanks for the clarification.

The rogue-ca thing is awesome indeed! :)



