Hang on...
WTF is an AV outfit doing NOT dealing with or reporting on a sophisticated piece of malware "because their client" asked them not to? Are the people who PAY for their AV products not clients? It's not as if they are obligated to list the names and addresses of their infected "clients".