From "Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf", which describes the recently-analyzed so-called "Regin" malware:

"We can assume the attackers take various low-level open-source projects or Windows DDK source codes and merge them together with their malicious loader. Hence, each stage 1 loader looks very different from others, as *** it contains random useless code from various other programs. This technique makes it more difficult to build reliable detection for the loaders. ***" Perhaps classical biological viruses use "junk DNA" for the same reasons?