Fascinating read at Email Battles with a write up by the author of known rootkit, Hacker Defender. He goes by the name holy_father and explains why he writes rootkits. Some excerpts:
Antivirus companies sell a fake sense of security, but they do not bring real security to your computer. Antivirus just fights programs that are visible to common users. They don't care about the cause.
Holy_father says antivirus companies' attitudes bring them money.
This attitude brings money to security companies because their users download upgrades and buy new versions of their products. This is why these security companies don't want to change the situation.
He claims that Hacker Defender and other rootkits force security companies to improve, but says "there is still a lot of work to be done with rootkit detectors and antivirus products." He also talks about Microsoft's Malicious Software Removal Tool, which has Hacker Defender in its detections.
[...] the latest MSRT does not even detect the latest public version of Hacker Defender (hxdef 1.0.0 revisited), which was published weeks ago and is available for download to everyone, with full source code.
He talks about code scrambling and says:
It is really as easy as changing one byte here and there to fool your expensive antivirus product.
This fact forced us to think about how antivirus products are implemented and what all those powerful heuristics engines that reveal even unknown future threads really mean. Just visit some antivirus vendor website to see what they offer. Then modify a few bytes in your favourite destructive malware and create your own opinion.
The world is still waiting for the first real rootkit detector that would bypass Hacker Defender's antidetection engine. Hacker Defender is just there to show they have to improve their products.
The Email Battles' web page has a link to another write up by holy_father, his take on the Sony BMG DRM rootkit. The page has lots of links about rootkits as well as a list of links titled "Sony BMG Death Watch Central".