Remember the Microsoft update of last month and the problems with Zone Alarm products?
What is Kernel Patching?
"Kernel patching" or "kernel hooking" is the practice of using unsupported mechanisms to modify or replace kernel code. Patching fundamentally violates the integrity of the Windows kernel and is undocumented, unsupported and has always been discouraged by Microsoft. Kernel patching can result in unpredictable behavior, system instability and performance problems—like the Blue Screen of Death–which can lead to lost user productivity and data. More importantly, kernel patching has increasingly become a mechanism used by malware developers to attack Windows systems.
Motivations for patching the kernel vary widely. Anti-malware vendors, for example, may intercept system calls to prevent applications they have deemed malicious from creating processes on the system. The goals of these types of software are obviously laudable but these practices also may cause reliability and performance problems. The greatest risk from kernel patching comes from virus and spyware writers that use this technique with malicious intent and to hide their presence.
Malware authors are motivated to patch the kernel because it is a powerful mechanism for attacking the user's PC and data. Patching can be used to implement rootkits, which also hide the presence of other malware on the system. This form of malware can be extremely potent—for example, allowing the capture of banking passwords and monitoring of all user activities.