An administrator at an Ontario university noticed a cluster of Windows 2000 servers crashing at random. The common element in each blue screen he got was the string "ierk8243.sys". Asking Microsoft turned up that they had not put such a file in their OS.

These crashes, a matter of pure luck, led to the discovery of a tool now named Slanret, IERK, or Backdoor-ALI. This was a rare Windows "root kit", a variety of program that tampers with the OS at a low level, rendering itself invisible even to antivirus software.

For example, if he tried to search for ierk8243.sys, the tool would intercept the low-level directory API and return "not found". It could also hide itself from the process list and the registry. So concerns are growing about the existence of such malware in the wild.


http://www.securityfocus.com/news/2879