Various infosec professionals have been commenting on the threat posed by new forms of malware used to install cryptic rootkits or spyware without alerting the user to their presence. It seems not all antivirus and antispyware software can detect these. There is a distinct possibility that a very specifically targeted chunk of malware could infect an organization or even an individual person, perhaps to wreak havoc with their systems or to disclose sensitive information. Call me paranoid if you like but the pieces are falling into place.
More malware links and risk management links.