A couple of articles that may be of interest.
Titled: Security industry faces attacks it cannot stop
It looks at the hows and whys of the AV industry dropping the ball and why they cannot pick it up again (although I disagree with it slightly; I think "fire and forget" bot nets are more dangerous than "targeted attacks").
Speaking of bot nets, the rise and rise of the ZeuS bot net to add in a "complete control backdoor".
This is just one reason I think "covert bot nets" will be a very very major issue in the next couple of years.
We are already seeing a change in their usage, from spam and DoS attacks to information gathering. The information mainly being gathered at the moment is financial, for "online" banking / share dealing etc. However, a recent ZeuS attack on .mil and .gov was clearly designed to "hoover up" document and PDF files. However, it was not covert, so it was detected...
All that is needed to make covert botnets No. 1 on the Ughh list is,
1, Unblockable control channel (I've already said how to do this).
2, Untraceable uplink channel (I know how to do this).
3, Jump "air gap security" to infect machines. This is back to the old removable media "boot sector" style virus game from prior to networks, and has been seen in the recent Mariposa botnet takedown.
4, Jump "air gap security" for the control channel; this should be almost as easy as (3).
5, Jump "air gap security" for the return channel to get the desired data back out. This is not going to be that much harder than (3) provided the bandwidth is kept down.
I can see all of this being done by the ZeuS writer in less than 6 months if the price was right (say 50,000 USD).
At which point you had better cross your fingers and light candles whilst fingering your beads if you are responsible for IT security in a top 1000 company or other "interesting organisation".
I guess we are about to "live in interesting times"...