Hmmmm,

You want an example?

one method that is not seen in common malware is the use of password protection. this is seen in evaluation or shareware software, but not malware. this is not, i hasten to add, my opinion! this is i am afraid a fact based on practical experience. i take the lack of forthcoming examples of any malware that uses password protection as a testament to this!
http://en.wikipedia.org/wiki/Sub7

I would consider SubSeven to be pretty common malware, and it is password protected.

I think that a clear distinction needs to be made between remote access, key logger type software and the virus/vandal type of stuff. The latter are typically "fire and forget" whereas the former require tending/management.

Virus/vandal type software would tend to be encrypted, compressed, armoured, polymorphic etc.

All the remote control software needs to do is load surreptitiously and run undetected. It is natural for the server side of this software to be password protected as you want to avoid losing control of it and the machine you have installed it on.

Really this is no different from perfectly legitimate keylogging and remote management software of which there are numerous examples that can be purchased on the open market.

What I am saying is that there is a grey area into which this software type falls, and it is really the motivation of the user that determines whether it is malware or not.