How about malware that will peek at what might be monitoring for it, then hide or wait a few minutes run a portion of itself. Wait, now run another portion. Oh, wait, and run some more. Bam your infected! Or, how about some malware that hides in your mouse routines, then waits for you to click a button or move the mouse, so it can run hidden in the mouse message routines. Even better, how 'bout the malware that will recognize it is running in a VM or being searched for and stops itself from running; hide and waits until the the way is clear. And, unless your A/V or whatever method you use is aware of this type of threat... you are infected. Now a days, it doesn't take a technical genius to make it happen. It is all explained in this article by the Symantec Security Response team, here -->Malware Authors Using New Techniques to Evade Automated Threat Analysis Systems And, a couple of quotes from the page: Keep your guard up and compute safely.