The new .NET banking malware
This new malware just wants the security solution vendors to leave it alone. It does not use any network communication, so no network signatures can be created for this sample. No IP addresses or domain names to monitor or take down. It does not acquire any persistence, no registry entries are created. This has a very interesting impact. None of the antivirus products, that were available on VirusTotal when the samples were obtained, detected this malware. Not even a false positive from any of the over 45 different antivirus solutions.
Read more here - http://www.cert.pl/news/7955/langswitch_lang/en