Ryan Naraine yesterday wrote a blog "‘Storm Worm’ surge exposes AV deficiencies" which discusses the current poor state of detection of viruses by the anti-virus vendors. Ryan uses the recent Storm-Worm attacks as an example where most anti-virus vendors were unable to detect the attacks.
This blog merely confirms the general thinking of experts that the next two to three years will be a very rough ride for computer users and a very fine time for criminals. The technology needed to defend against different attacks is and will remain the advantage of criminals. Couple this with the current international law weaknesses in arresting and prosecuting criminals operating out of dodgy countries controlling their bots. Finally, add to the mix very wealthy criminal gangs who can pour some of their earnings into thousands of programmers looking for weaknesses in application, network and defense systems.
Enterprises need to have multiple layers of defense using stronger levels of authentication and transaction authentication. They must assume their outer layers will be breached repeatedly over the next two to three years.