Are anti-virus companies companies regularly committing software piracy?
First, I would seriously question whether a malware author would ever bring suit against an antivirus vendor, since it would require admission of a serious crime. But let's suppose that the malware author has already been charged for creation and use of the malware and therefore has nothing to lose by fully admitting authorship.
Copying software for malware analysis seems like a textbook case of fair use (under U.S. law, anyway). Of course, U.S. fair use is a defense that is usable only once you already engaged in a lawsuit (and its parameters are notoriously vague), but let's indulge in a little armchair speculation about how such a lawsuit might resolve. To take the fair use criteria one by one:
Purpose and character of use: The use of the copy is legally transformative, which means that it creates something new, instead of merely attempting to recreate the original. Here, the analysts are producing a malware assessment based on the original software. They're not creating a copy just to have an extra copy; they use the copy to produce something novel. This factor heavily favors the analysts.
Nature of the copied work: The piece of malware is a published, creative work that rightfully enjoys copyright protection. This factor favors the malware authors.
Amount and substantiality: The analysts use the whole software in their analyses. This factor favors the malware authors.
Effect upon work's value: Virtually none, which favors the analysts. In fact, the work has little legitimate market, since its primary use is illegal. (While it may be the case that AV vendors reduce the value of malware by building defenses against it, this is not the same as harm caused by creating a substitute work. Wikipedia sumarizes it aptly: "Courts recognize that certain kinds of market harm do not oppose fair use, such as when a parody or negative review impairs the market of the original work.")
While factors #2 and #3 are in favor of the malware authors, the transformative use of the malware lends tremendous legal weight to the fair use argument in favor of the analysts. Only a judge can make a final ruling on fair use, but I suspect that a reasonable judge would rule in favor of copying malware for analytic purposes.
N.B.: This answer considers the legality of copying from a limited, copyright-only perspective. There are other statutes beyond copyright (e.g., ACTA, DMCA) that may be violated when copying malware or legitimate software without permission from the copyright holder. Even if a use is protected by fair use, the fair use defense protects against copyright infringement only, not other violations that may also occur during (or be necessary for) the act of a fair use.
(For example, you may want to include a few seconds of a movie in a video report for your cinematography class, but your copy of the movie only plays in a proprietary player that does not allow exporting snippets of the film. If you download a tool for circumventing the "no exporting of snippets" restriction of your player, then you have violated the DMCA, even though your ultimate goal was probably fair use.)
In short: the analysts' copyright infringement is probably legally defensible under fair use, but analysts may still be in violation of other statutes that are separate from traditional copyright.
Because there is no illegality in analyzing pirated software. It's illegal to use it and illegal to spread it. It might even be illegal or against EULA to edit software (cracking it often edits some files or binaries).
Also your second comment is a bit weird. Software normally comes with a license you need to accept explicitly or implicitly when using software. It should be readily available to anyone on request. That's rather problematic with Stuxnet since no-one will ever say "Hey I wrote that piece of software that was able to destroy your Nuclear plant and refineries". There is no such thing as an official corporate/state malware author, because no one in their right mind will openly say "I build operational malware for a living". The only place that may openly advertise this, is academics or researchers.
While malware authors in principle would get the same rights, you can't say that it's illegal to analyse it. Software authors do not hold the same rights as for instance artists (writers, painters,...).
But just having it and analyzing it is in principle not illegal as far as I'm aware.
EDIT:
Also this is a legal matter, so the biggest factor will be the intent of the person obtaining the software.
It shouldn't be an issue.
Yes, if you buy Photoshop and upload parts of it to a company server, that's copyright infringement. But AV companies don't need to copy the entirety of Photoshop and keep it. Developers can install a legitimate instance of Photoshop on a single machine. Once they've analysed it, they can store the analysis instead. E.g. hashes of all the files, which might be used to identify Photoshop files and check for potentially malicious modifications. There will be grey areas - and the Photoshop EULA will claim that any deep analysis is illegal - but they're not black enough to be really worrisome.
With malware - yes, we can assume that any creative work is copyrighted, and without a license you have no right to copy it. IANAL. However, in order to obtain damages the malware author would have to claim authorship of it in court. For black software, this would usually be undesirable. And there are legal concepts like "clean hands" - if the software was installed illegally, then I suspect objecting to AV activities would be laughed out of court.
I think I can contrive some darker grey areas. Consider an expensive penetration-testing tool which is "stolen" and incorporated into a "malicious attack tool". Security companies want to analyze the attack tool, but they may have to infringe the copyright of the pen-testing tool in order to use it... but I think it's a much narrower problem than your concern.