At the beginning of this year, at Black Hat Federal Conference, I proposed a
simple taxonomy that could be used to classify stealth malware according to how
it interacts with the operating system. Since that time I have often referred to
this classification as I think it is very useful in designing system integrity
verification tools and to talk about malware in general. Now I decided to
explain this classification a bit more as well as extend it of a new type of
malware - the type III malware.
The article is available as a PDF document here.