Escaping notice is the most important part of keeping malware on system. After it's found, the question is more about how painful it is to get off the system than whether it's going to get removed. Since modern malware authors want their software to stick around in the background for as long as possible, they just avoid doing anything outrageous and let the zombie send out a trickle of emails.
Experience with Windows users shows that the average end user who's willing to click on something like the author was talking about isn't going to get suspicious and won't suspect something two levels deep in a dot folder with an official/cryptic sounding name. They can be brazen and call it 'smtpmmd' for SMTP mass mailer daemon and it'll still probably slip under the radars of at least a few people who know how to look at their active processes. The only real solution is an automated searching tool and at that point you're doing the same thing as all the Windows AV programs, just with a somewhat easier time of it.