This does not look like a new development in rootkits. If I understand the article's summary: there's a rootkit that sets a hardware breakpoint on the memory it overwrote in the kernel, and checks to see if access are normal or abnormal; for abnormal access, it subs in fake value for the contents of that range of memory.<p>If you want to see where the state of the art in rootkits was in 2007(!), read:<p><a href="http://i.i.com.com/cnwk.1d/i/z/200701/bh-dc-07-Rutkowska-ppt.pdf" rel="nofollow">http://i.i.com.com/cnwk.1d/i/z/200701/bh-dc-07-Rutkowska-ppt...</a><p>...noting that this is Joanna Rutkowska explaining how to reprogram MMUs (here with MMIO remapping) to defeat <i>hardware DMA memory forensics</i>.