
From the Kaspersky article, Flame ships with a Lua VM, sqlite3, zlib, libbz2, and an SSL library (probably OpenSSL?), and these and more apparently result in its unusually large size (almost 20 MB).

Sounds almost like "lean malware" written by a relatively small team using easily available tools and libraries.



FLAME isn't a virus, it is software from Brazil, just like Lua is from Brazil.

"Tool prototyping in the FLAME platform is based on the Lua scripting language. Lua is adopted in FLAME as an extension language: its interpreter is embedded as a library into the measurement agents. On the one hand, the Lua interpreter gives to the scripts running in the agents access to active measurement primitives through a high-level, minimalist API. On the other hand, the measurement agents and the measurement API are implemented in C, preventing significant overheads in the measurement results due to the execution of Lua scripts." http://martin.lncc.br/main-software-flame


Thank you for doing ten minutes of research. Your investigative style of journalism is apparently better than both Kaspersky and the BBC.


Looks like that link's since been updated to make it clear that this is a completely unrelated piece of software called Flame that just happened to use Lua too, with it being very unlikely that any code could be shared between the two. Basically, the name's just a coincidence.


Yes, this almost looks like they've created a sort of malware toolkit which has all the hard parts and exploits in C, but can be scripted quickly for purpose.

Even better if the scripts can then be updated remotely as well.

All things considered, this is the kind of thing you'd do if you were going to do this long term.


Yeah, I mean, sqlite3? In a 'virus'?

What's next? Shipping the JVM and MariaDB?


The original virus may have only been a few hundred KB, which then bootstrapped the rest of the program. Just because you're writing malware doesn't mean you have to sacrifice good tools.



