On Thu, 13 Mar 2008 02:52:39 +1100, Doug Laidlaw wrote:
>
> (a) this one is now months old;

Not really germane to the problem.

Saw an article more than a year ago, where a couple were selling a
root kit which went undetected for year.

AV vendors have to catch a copy of malware before they can put them
into the database. Black Hats have databases of AV site ips.
When those sites hit a malware distribution site, the site does not
serve up any malware.

They also were re-obfuscating malware on each delivery making it much
less detectable by AV software.