First up we have Atsiv - a signed driver that lets you load un-signed drivers on Vista x64:
Next we have this interesting blog from Symantec about the kernel mode rootkit / spam engine that was dropped on hacked machines, apparently be some of the 'Italian Job' hacked sites . . .
What I find interesting is that the media made a big deal about the '10,000 hacked web sites' using IFRAMEs to inject malware into vulnerable PCs . . . they didn't really talk about *what* that malware was or how it works or how many potentially owned PCs there are as a result of the mass-compromise.