The co-opting of APT by the marketing folks have led to the point that people are classifying any malware, rootkit or bot as "APT".  Zeus is not APT, Aurora is not APT.  APT is a level of threat, a description of the sophistication, patience and talent behind an attack.  The attacks are targeted, typically involving both an exploit and social engineering.  Emails containing PDF exploits don't get spammed to everyone in the organization, they are sent to key individuals with convincing messages.  Bots aren't your commercial, off-the-shelf variety.  They are custom built, hard to detect and typically have multiple instances and functions so an initial remediation sweep will appear successful but miss the deeper, quieter processes.

The attackers monitor the state and success of their attacks and channels.  As one channel goes down, they activate another.  If a node containing valuable data is cleaned, they'll reinfect it from another computer.  They know what they are doing.

Or, to use my own, barbaric way of describing things:

“APT: There are people smarter than you, they have more resources than you, and they are coming for you. Good luck with that."

Damn sales people.