The Flame espionage malware that infected Iranian computers has initiated a self-destruct command that removes all traces of itself on infected machines that receive the instruction, researchers said.

The 20-megabyte piece of malware already had a self-destruct module known as SUICIDE that removed all files and folders associated with Flame, but the purging command observed by Symantec researchers instead relied on a file called browse23.ocx that did much the same thing. The removal tool, which researchers from Kaspersky Lab briefly documented last month, was downloaded from a command and control server still under the control of Flame attackers to several machines in a honeypot. White hats monitored the activities of the sophisticated malware, which is also known as Flamer and sKyWIper.

"This command was designed to completely remove Flamer," Symantec researchers wrote in a blog post. "The Flamer attackers were still in control of at least a few C&C servers, which allowed them to communicate with a specific set of compromised computers."

As a result, the compromised computers in the honeypot deleted at least 163 files and four folders belonging to the sprawling set of modular code. The self-destruct mechanism then overwrote the disk with random characters to prevent researchers from studying the files.

"This component contains a routine to generate random characters to use in the overwriting operation," the Symantec post stated. "It tries to leave no traces of the infection behind."

Bots have long contained such self-destruct mechanisms, so it's not surprising that malware as complex and comprehensive as Flame would, too. On Thursday, a much more sophisticated capability of Flame came to light when two of the world's foremost cryptography experts said the malware achieved a mathematic breakthrough that could only have been accomplished by world-class scientists.