
Pretty depressing. Only 2 out of 54 scanners currently detect something in the zips of the spyware.

https://www.virustotal.com/en-gb/file/6ee40b8e7d49f4ea70b7ce...

https://www.virustotal.com/en-gb/file/688f1e15390faf8d977351...




Those zips are encrypted, that's why. I have included links to the unencrypted results [1,2], with ~80% detection rate. Notable green checkmark by Microsoft, perhaps FinFisher made extra sure to not get caught by Microsoft's heuristics?

[1] https://www.virustotal.com/en-gb/file/f827c92fbe832db3f09f47...

[2] https://www.virustotal.com/en-gb/file/0b465877a998a993a64a14...
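The comment above attributes the low detection count to the zips being encrypted; whether an archive hides its contents from a content scanner can be checked from the ZIP headers before reading anything into a scan result. This is an added example, not part of the original thread. The function names and sample archive are constructed for illustration, and the sample only has its "encrypted" flag bit patched; its data is not actually encrypted.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001  # general-purpose flag bit 0: entry data is encrypted


def encrypted_entries(data: bytes) -> list[str]:
    """Names of entries whose central-directory flags mark them encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]


def scan_coverage(data: bytes) -> str:
    """How much of the archive a scanner without the password can inspect."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        flags = [bool(i.flag_bits & ENCRYPTED) for i in zf.infolist()]
    if not any(flags):
        return "full"
    return "none" if all(flags) else "partial"


def build_sample(encrypt: set[str]) -> bytes:
    """Constructed sample: a plain two-entry ZIP with flag bits patched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # ZipInfo(name) uses a fixed 1980 timestamp, so the bytes are stable.
        zf.writestr(zipfile.ZipInfo("readme.txt"), "constructed sample")
        zf.writestr(zipfile.ZipInfo("payload.bin"), "constructed sample")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")  # central-directory file header signature
    while pos != -1:
        (name_len,) = struct.unpack_from("<H", raw, pos + 28)
        name = raw[pos + 46:pos + 46 + name_len].decode()
        if name in encrypt:
            raw[pos + 8] |= ENCRYPTED  # flags in the central directory
            (local,) = struct.unpack_from("<I", raw, pos + 42)
            raw[local + 6] |= ENCRYPTED  # flags in the local file header
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    for marked in (set(), {"payload.bin"}, {"readme.txt", "payload.bin"}):
        sample = build_sample(marked)
        print(sorted(marked), encrypted_entries(sample), scan_coverage(sample))
```

A result of "none" or "partial" means a low detection count says little about the files inside; the extracted contents are what need scanning.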


Microsoft too detects them now. Too late, but at least they are updating their signatures fairly rapidly.

Interestingly, both files were first uploaded to VT in 2010, meaning that AV vendors have had chances to analyze them.


Malware vendors usually use these services to test their load. They wouldn't release anything that would get detected on day 0. And I think antivirus vendors do more in-house analysis only if there are reasons to - such as votes from users, or other AVs detecting the sample.


WAY too many security companies play both sides of the fence.


More like anti-virus companies are just bad at what they do.



