If I understand correctly, it's written into the ROM of the device itself, not rewritable memory -- sort of like how each USB device has a firmware/driver/hardware ID written for it (which you'll be more than familiar with if you use Windows).
So potentially, the device will still work fine, but transmit the virus while using it. Theoretically, it's an entirely plausible prospect. Practically, however, it will be ridiculously difficult, if not impossible, to pull off. I imagine you'd have to be an OEM for a hardware company and have it written in the code somehow. And then dispensing the virus would depend on how many people bought your product.
Then you'd have to figure out how to make it self-propagating. It's not like all USB vendors use a certain firmware base which has an exploitation in it, which can be written to. It's ROM, it's already written. You'd have more luck trying to write to a burnt CD-R.
Yes, if a virus is written into the firmware, it will circumvent all known protective measures. Theoretically. Also theoretically, somebody can write a virus that wipes out every single bank account. Doesn't matter how difficult it is, theoretically where there's computer software, there's some way to eventually hack it. But it won't happen. Getting the USB virus written in there requires some extremely clever skills, and I can't see how the virus could then write to other vendors' firmware. With that in mind, IMHO this is a 'vapourware virus'.