Three-quarters of malware samples uploaded to "no-distribute scanners" are never shared on "multiscanners" like VirusTotal, and hence, they remain unknown to security firms and researchers for longer periods of time.  

Although some antivirus products will eventually detect this malware at runtime or at one point or another later in time, this leaves a gap in terms of operational insight for security firms hunting down up-and-coming malware campaigns.

What are multiscanners and no-distribute scanners?

A multiscanner is a service like Google's VirusTotal that aggregates antivirus (AV) scanning engines into one big melting pot, allowing users to upload a suspicious file and scan it simultaneously on all the AV engines hosted on the service.  

If at least one of the multiscanner's engines finds the file suspicious, the service shares the result among all AV companies, allowing cyber-security firms insight on new types of malware that their engines are not currently detecting.  

On the other hand, a no-distribute scanner is a service similar to a multiscanner, only that its operators modify the AV engines so they cannot report back to their respective vendors, hence limiting their ability to see the malware uploaded on such a service.  

As you'd image, no-distribute scanners are quite in demand on the cyber-criminal underground, and they have been in demand for years, with several services appearing and disappearing across the years, some going down on their own, while others after law enforcement intervention