Of the rootkits I've pulled off of servers, none of them seem to have been as nasty as what seems to be comming down in spyware these days. I wonder why that is? The SpyWare stuff is all about polymorphic naming, strange services, and outright pervasiveness in everything in the system. The stuff I've cleaned up manually on servers has been relatively easy, and most of it has been some variant of HackerDefender.
Interesting.
Interesting.