
There are virus "kits" that allow creating new binaries as often as needed. So for whatever lag time (typically days to weeks) the AV folks have, you just generate something newer. Things are plenty sophisticated to allow VMs, encrypted binaries, and obfuscation tricks ... shared by commercial software that you can't just blacklist all bad binaries in any kind of general way.

So there's an infinite supply of bad binaries and AV companies are, by definition, behind. Basically selling snake oil that promises to help, but never will.




That's why most AVs rely on behavioral detections rather than strictly file signature or hash-based detections.



