MS Research has published some papers about rootkit technologies, and especially rootkit detection:
This stuff is VERY GOOD to read, and has been positively commented on by a lot of people, including Bruce Schneier: http://www.schneier.com/blog/archives/2005/02/ghostbuster.html
The straightforward links to some of these papers are:
Detecting Stealth Software with Strider GhostBuster
GhostBuster tech report
Of course I am not the first person to blog about this; there are loads of other people who spotted the thing earlier than I did, and this news has been commented on by many people.
But it is very interesting, and I encourage everybody who hasn’t done it yet to read it.
Some other comments I spotted about these papers can be found at:
Also, Sysinternals has released a rootkit detector today (looks like rootkits are finally getting a lot of attention these days…)
–edited again at 1:10 am [GMT+1]
Now I see that Robert Hensing has been quicker than me, even posting twice about this subject today: