Here's a nasty piece of work that got under my radar when it was brand new. The Washington Post's Security Fix examination of the bug is fascinating.

A couple of highlights from the blog: "Tigger removes a long list of other malicious software titles, including the malware most commonly associated with Antivirus 2009 and other rogue security software titles. iDefense analysts say this is most likely done because the in-your-face 'hey, your-computer-is-infected-go-buy-our-software!' type alerts generated by such programs just might tip off the victim that something is wrong with his system, and potentially lead to all invaders getting booted from the host PC."

"The scary part is, none of us are really sure how Tigger is even being distributed," Ligh said. "I look at a lot of info-stealing malware, and this is the first one I've seen in a while that goes to the trouble of removing other pieces of malware."

And from one of the responses to the story: "Tigger (or 'Syzor' as Microsoft calls it) is one of the most functionally diverse trojans that I've seen. It was very fun to analyze code that for once doesn't use TerminateProcess to kill anti-virus software and doesn't just use SSDT hooks to hide files on disk. Brian Krebs wrote a piece on this trojan earlier today with a lot of critical information."

Most of the comments are worth a read as well, though you can ignore my re-iteration of stuff I've said here repeatedly.