Microsoft warns of future security danger: "Kernel Rootkits"

[Burnout]

Ok, these have been around for a quite a while, since early in the *nix days, however, why hasn't anyone done anything about them?

n particular, some newer rootkits are able to intercept queries or "system calls" that are passed to the kernel and filter out queries generated by the rootkit software. The result is that typical signs that a program is running, such as an executable file name, a named process that uses some of the computer's memory, or configuration settings in the operating system's registry, are invisible to administrators and to detection tools, said Danseglio.

Read the rest here.

Basically, if you're infected with a Kernal Rootkit, you can never be absolutely sure that you've completely eradicated the problem. The only way to fix it? Format time.

Thank goodness for SP2.