Easy. Scenario: Malicious attacker looks for exactly what Microsoft detected, and fixes each specific detection while keep operating the undetected ones. The end result would be operational malicious site, without being detected.