Purpose: you can't defend against what you don't know. Here's a primer on some of the tactics black hats might use.
http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml
Release your virus on a Friday afternoon. Offices empty out Friday afternoon and most sysadmins don't work weekends, so the worm gets two days of spreading before anyone reacts.
Counter: someone is the primary contact at ALL times (24/7), but not always the same person. Schedule off-hours coverage and rotate on-call duty.
Social engineering (tricking users into running the virus for you) is a common tactic, but it propagates slowly. Speed matters: as soon as the anti-virus companies see a sample, it gets a signature and is dissected, and the hole it exploits gets patched. A worm has to spread faster than signatures are pushed and patches are applied.
Counter: keep systems patched. Run an intrusion detection system (e.g. Snort) that sends alerts to a cell phone, email or pager.
Spread through every vector possible:
mount removable/external drives and copy yourself onto them
mount network shares, copy yourself into the administrative share (\\box\ADMIN$), then schedule a task on the target (at / schtasks) to execute the copy
harvest address books and email lists (Outlook, Thunderbird)
use saved browser passwords to log in to web-based mail
use a password dictionary to brute-force admin accounts
something I haven't seen yet: using rainbow tables or just plain brute-forcing LM hashes (embedding John the Ripper or L0phtCrack)
use a random string generator for file names, so there is no fixed name for signatures or cleanup instructions to key on
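Two of the vectors above leave a trail that the IDS/alerting counter can key on, if Windows Security events are collected centrally: a dictionary attack shows up as a burst of failed logons (event 4625) from one source, usually followed by a success (4624), and the copy-to-ADMIN$-then-schedule-a-task step shows up as administrative share access (5140) followed by scheduled task creation (4698) on the same host. The script below is an added example, not code from this page or from the F-Secure write-up: the event records are constructed samples with simplified field names (t, id, host, user, src, share, task) rather than the real Windows event schema, and the threshold and time windows are arbitrary assumptions to tune per environment.

```python
"""Correlate constructed Windows Security events to flag two propagation
vectors: password guessing against accounts, and admin-share access followed
by scheduled-task creation. Added example; field names are simplified
assumptions, not the exact Windows event schema."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). The event IDs are the real
# Windows ones: 4625 failed logon, 4624 successful logon, 5140 network share
# object accessed, 4698 scheduled task created. 5140's ShareName field looks
# like \\*\ADMIN$, which is why the share name is normalised below.
EVENTS = [
    # six guesses against Administrator on fileserv from 10.0.0.7, then success
    {"t": "2009-01-09T16:02:01", "id": 4625, "host": "fileserv", "user": "Administrator", "src": "10.0.0.7"},
    {"t": "2009-01-09T16:02:02", "id": 4625, "host": "fileserv", "user": "Administrator", "src": "10.0.0.7"},
    {"t": "2009-01-09T16:02:03", "id": 4625, "host": "fileserv", "user": "Administrator", "src": "10.0.0.7"},
    {"t": "2009-01-09T16:02:04", "id": 4625, "host": "fileserv", "user": "Administrator", "src": "10.0.0.7"},
    {"t": "2009-01-09T16:02:05", "id": 4625, "host": "fileserv", "user": "Administrator", "src": "10.0.0.7"},
    {"t": "2009-01-09T16:02:06", "id": 4625, "host": "fileserv", "user": "Administrator", "src": "10.0.0.7"},
    {"t": "2009-01-09T16:02:07", "id": 4624, "host": "fileserv", "user": "Administrator", "src": "10.0.0.7"},
    # a user mistyping a password twice: below threshold, no alert
    {"t": "2009-01-09T16:02:30", "id": 4625, "host": "ws01", "user": "alice", "src": "10.0.0.22"},
    {"t": "2009-01-09T16:02:41", "id": 4625, "host": "ws01", "user": "alice", "src": "10.0.0.22"},
    {"t": "2009-01-09T16:02:50", "id": 4624, "host": "ws01", "user": "alice", "src": "10.0.0.22"},
    # the worm copies itself into ADMIN$ and schedules the copy with "at"
    {"t": "2009-01-09T16:03:00", "id": 5140, "host": "fileserv", "user": "Administrator", "src": "10.0.0.7", "share": r"\\*\ADMIN$"},
    {"t": "2009-01-09T16:03:05", "id": 4698, "host": "fileserv", "user": "Administrator", "task": "At1"},
    # ordinary share use with no task creation afterwards: no alert
    {"t": "2009-01-09T16:04:00", "id": 5140, "host": "ws01", "user": "alice", "src": "10.0.0.22", "share": r"\\*\Public"},
    # a task created with no preceding admin-share access: no alert
    {"t": "2009-01-09T16:30:00", "id": 4698, "host": "ws01", "user": "alice", "task": "Backup"},
]


def parse(events):
    """Return a copy of the events with timestamps parsed, sorted by time."""
    out = []
    for e in events:
        e = dict(e)
        e["t"] = datetime.fromisoformat(e["t"])
        out.append(e)
    return sorted(out, key=lambda e: e["t"])


def detect_password_guessing(events, threshold=5, window=timedelta(minutes=2)):
    """One alert per (src, host, user) with >= threshold failed logons inside
    `window`, noting whether a success from the same source followed."""
    events = parse(events)
    failures = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            failures[(e["src"], e["host"], e["user"])].append(e["t"])
    alerts = []
    for (src, host, user), times in failures.items():
        start = 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                succeeded = any(e["id"] == 4624 and e["src"] == src
                                and e["host"] == host and e["user"] == user
                                and e["t"] >= times[end] for e in events)
                alerts.append({"src": src, "host": host, "user": user,
                               "failures": len(times), "succeeded": succeeded})
                break
    return alerts


def detect_share_then_task(events, window=timedelta(minutes=10)):
    """Flag a host where a remote source touched ADMIN$ or C$ (5140) and a
    scheduled task was then created on that host (4698) within `window`."""
    events = parse(events)
    alerts = []
    for s in events:
        share = s.get("share", "").rsplit("\\", 1)[-1].upper()
        if s["id"] != 5140 or share not in ("ADMIN$", "C$"):
            continue
        for e in events:
            if e["id"] == 4698 and e["host"] == s["host"] and s["t"] <= e["t"] <= s["t"] + window:
                alerts.append({"host": s["host"], "src": s.get("src"), "share": s["share"],
                               "task": e.get("task"), "delay_s": (e["t"] - s["t"]).seconds})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_password_guessing(EVENTS) + detect_share_then_task(EVENTS):
        print(alert)
```

Against the sample, the first detector flags only the Administrator burst from 10.0.0.7 (six failures, then a success) and ignores alice's two typos; the second flags only fileserv, where ADMIN$ access was followed five seconds later by the task "At1". A benign admin also copies tools to ADMIN$ and schedules jobs, so the second rule is a trigger for a human to look, not a verdict.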
End goals (besides causing headaches):
collect personal information from the user
form a botnet (controlled via an encrypted IRC channel)
DDoS
relay spam (turn the host into a spam mail server)