I don't now much about Flame, but I would assume that messages are sent using public-key cryptography in such a way that they can't be spoofed. Maybe a replay attack would be possible though.
You don't spoof the messages, you spoof the destinations.
In a closed system if you can get ahold of the destination as they have, you can redirect everything else to that center temporarily and just let it keep spamming suicide modules. If it's still confusing I can try to explain it better.
