Also a lot of scanners these days are "heuristic" which means
They might have spotted an unsophisticated UnrealIRCd attack
They often flag up minor third party programs which violated the heuristic but did not in fact do anything bad
The result is that they're more likely to spot a genuine attack like this, but their users are inured to occasional false alarms and so unlikely to act on it. I scarcely use Windows, and yet I'm aware of several such false alarms from apparently uninteresting programs.
Still, compiling the vulnerable code and running it inside a firewall is safe, any pundit who wants to make a big deal of this should try it and report how many (if any) AV products available six months ago actually spot this.