Hi Nydarion,

There are a couple of answers to your why. I think the old av-detection model is very hard to maintain in detecting online malware threats, as the threat landscape is ever-changing and very short-lived, and new malcreations are morphed, obfuscated and “warped” at us in a continuous stream. It is an ongoing battle against the forces of “cyber”-darkness, especially if you look at the scans and, for instance, what comes from the “co dot cc” domain. This malware flow cannot be stopped in the traditional way, and traditionally one would be three months behind in detection rate.
So we search for particular patterns, IDs, hashes, packers, wrappers etc. to flag files as “suspicious”, and all that is reported is going to be taken into account, as it no longer goes under the av radar.
That is one side of the ongoing battle, and your contributions in reporting are valuable. The other side is that we also have to protect in another way, which is the responsibility of the user: through layered protection, one resident av solution and a couple of non-resident anti-malware solutions like MBAM and SAS, the protection of the network shield and web shield, web reputation scanning, and in-browser protection to close the vulnerability gap further. It is also very important to constantly update your OS and third-party software (Secunia online scan) so that you are no longer vulnerable to the latest exploits, but there is always a possibility that you could be hit by new malware after a first test run, a zero-day, or a specially targeted attack.

Stay safe and secure online,

polonus
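As an added illustration of the point above (this is example code written for this page, not anything from polonus's post or from any av vendor): an exact-hash blocklist catches a reported sample but misses the same sample once it is re-released with a trivial change, whereas a pattern check on packer markers or suspicious URLs still flags it. The two byte strings are constructed stand-ins for files, not real malware, and the two heuristic patterns (a UPX marker and a .co.cc URL) are my own minimal assumptions, not an engine's real signature set.

```python
import hashlib
import re

# Constructed sample "files" (NOT real malware): byte strings shaped to show
# the difference between a hash hit and a pattern hit.
KNOWN_BAD = (
    b"MZ\x90\x00" + b"\x00" * 12 + b"UPX!" + b"\x00" * 8
    + b"http://update-check.co.cc/dl.php?id=1"
)
BENIGN = b"MZ\x90\x00" + b"\x00" * 24 + b"Hello, this is a plain program."


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Exact-hash blocklist: this is what a reported sample feeds. One entry,
# derived from the constructed KNOWN_BAD sample above.
HASH_BLOCKLIST = {sha256_hex(KNOWN_BAD)}

# Assumed heuristic patterns with my own labels (a real engine uses a far
# larger, tuned set). "UPX!" is the marker left by the UPX packer; the URL
# pattern matches links into the .co.cc domain mentioned in the post.
PATTERNS = [
    ("upx_packer_marker", re.compile(rb"UPX!")),
    ("co_cc_url", re.compile(rb"https?://[\w.-]+\.co\.cc\b")),
]


def flag_by_hash(data: bytes) -> bool:
    """Exact match against the blocklist: precise, but only for bytes already seen."""
    return sha256_hex(data) in HASH_BLOCKLIST


def flag_by_pattern(data: bytes) -> list[str]:
    """Return the names of every heuristic pattern found in the sample."""
    return [name for name, rx in PATTERNS if rx.search(data)]


def morph(data: bytes) -> bytes:
    """Simulate a trivial re-release of the same sample: one appended padding
    byte. The parts that matter (packer marker, URL) are unchanged, but the
    hash is now completely different."""
    return data + b"\x00"


def classify(data: bytes) -> dict:
    """Combine both checks: a hash hit is 'known-bad', a pattern hit alone is
    'suspicious' (a candidate for submission/analysis), otherwise 'clean'."""
    hash_hit = flag_by_hash(data)
    hits = flag_by_pattern(data)
    if hash_hit:
        verdict = "known-bad"
    elif hits:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {
        "sha256": sha256_hex(data),
        "hash_hit": hash_hit,
        "pattern_hits": hits,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, sample in [
        ("original", KNOWN_BAD),
        ("morphed", morph(KNOWN_BAD)),
        ("benign", BENIGN),
    ]:
        print(label, classify(sample))
```

The morphed copy shows why reporting alone lags behind: the blocklist entry is useless against it, while the pattern check still raises it as suspicious. The caveat cuts the other way too: plenty of legitimate software is UPX-packed, so a pattern hit is a reason to submit the file for analysis, not a verdict on its own.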