What amazes me is that some of these Malwar3 authors eventually become security analyst. Since they're underground, there is no reprecussion for whatever damage they do before they go "legit"
A particular malware author I'm trying to track down (as his code has been popping up all over our network) posted loads and loads of password stealers, decrypters for browsers' password cahces, Trojans and other malicious code on various sites-- and then a few months ago suddenly says "I'm going White Hat, See ya on the other side"
This is after his efforts have cost us how much damage?
No wonder its so easy for Malware to slip by our Anti Virus products. The same guys writing it are writing the viruses.
I say, never trust your AV. Trust Sys Internals Tools, Wireshark, Anubis, and your Debuggers, in other words, trust your eyes and good sense.
Your AV won't protect you--not very well, at least.