<quote><p>That's not malware. That's a targeted attack. We're talking about garden-variety, drive-by download, infected porn site malware here. We're talking about flies, you're talking about a unicorn.</p></quote>
Hidden software that logs keystrokes and sends the results off to a remote system has a lot of value. It doesn't need to only hit a targeted system. When they see results like:
mail.yahoo.com firstname.lastname@example.org 123jass8
In the log file they know they have a new account to search through for any valuable personal data. Same with bank accounts, ordering online, etc, etc. They have the advantage of not needing to show pop-ups on the victim machine so it never appears to be infected. The website the victim visited is what handles the installation of the software so they don't need the infected machine to spread it around. The website can even have legitimate uses and an established community. Victims may even return to the website over and over to post comments on interesting stories and nothing ever appears to be malicious. The page they are visiting isn't dealing with illegal topics, porn, etc.
As a side note I suggest you check out a fan-page I run for Bennie Baby collectors: http://www.benniebabybrigade.com