I found this interesting thread on reddit:
People who can just about start facebook and put in their credit cards are the reason such things exist. Antivirus companies selling snakeoil and lull consumers into absolute security are another one.
At the beginning it happened, my crypter got flagged and I had to rearrange the code to re"FUD" it. Now everything is automated, every victim gets a regular update, just for him. And because the polymorphism happens on my side, AV vendors can't get a detection for all modifications, it's game over for them.
If your AV says it's clean or even if Virustotal gives you 0/43 it can still be malware, been there, seen that. Srsly, don't trust your AV.
Kaspersky was the most challenging at first, Kaspersky is paranoid as f***! But it has an exploit in KIS, KAV and PURE, allowing to start malicious code in the memory context of a trusted system process unnoticed. Kaspersky won't interfere if it thinks it's the system process doing changes to the system.
It is possible to create a perfect protection, trusted boot, rootkit hooks on all system calls and looking into not WHO changed something, but WHAT was changed in the system. Some application added an autorun? That's a paddle. Some application tried to f*** with the memory of another application? That's a paddle. But then you would only need to buy the protection ONCE and not a recurring 50$/year for some sh*tty signature updates every hour. AVs leave protection holes on purpose to make money! (Or the whitehats just suck. Unlikely, because their blogs are awesome)
I do it mostly for fun, beating the shady whitehats that sell their snakeoil is the most fun part.
No AV will save you. The majority of my bots uses MSE, but its not because its worse but because more popular. AVs however will protect you from the usual trash, like 2008 conficker virus and "stealers" from 14 year old hackforums scum.
Such snakeoil will live just as long as the myth that personal firewalls behind a NAT router give additional security.