As already discussed by Mike, malware authors love to innovate when it comes to persistence and hiding their nefarious creations from detection, and although most of the schemes are not unknown to analysts, they still show that malware authors are constantly on the prowl and evolving their techniques.
The example I have is of yet another registry-centric malware which, by the nature of its construction, has several advantages in defeating naive security software. The sample, detected as Troj/RegExec-A, is essentially a multi-component threat of sorts comprising at least 3 components (dropper/installer, payload and loader).