MS Research has published some papers about rootkit technologies and especially rootkit detection: http://research.microsoft.com/rootkit/
This stuff is VERY GOOD to read, and has been commented on positively by a lot of people, including Bruce Schneier: http://www.schneier.com/blog/archives/2005/02/ghostbuster.html
The straightforward links to some of these papers are:
Detecting Stealth Software with Strider GhostBuster
http://research.microsoft.com/research/pubs/view.aspx?type=Technical%20Report&id=875
GhostBuster tech report
http://research.microsoft.com/research/pubs/view.aspx?type=Technical%20Report&id=775
Of course I am not the first person to blog about this; there are loads of other people who spotted the thing earlier than I did, and this news has been commented on by many people.
But it is very interesting, and I encourage everybody who hasn't done it yet to read it.
Some other comments I spotted about these papers can be found at:
http://windowsir.blogspot.com/2005/02/rootkit-detection-ms-way.html
Also, Sysinternals has released a rootkit detector today (looks like rootkits are finally getting a lot of attention these days...)
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
--edited again at 1:10 am [GMT+1]
Now I see that Robert Hensing has been quicker than me, posting even twice about this subject today:
http://blogs.msdn.com/robert_hensing/archive/2005/02/22/378363.aspx
http://blogs.msdn.com/robert_hensing/archive/2005/02/22/378371.aspx