All these articles are a couple of years old now the impression I gathered from chmag is that this is an emerging trend yet, 2 years on, it's still largely unheard of. So I do wonder just how often infected machines (via user space) become subject to rootkits. I'd say it's likely quite a low ratio.
Which brings me back to my original point: the vast majority of attacks happen in user space.
However, I will concede that I assumed rootkits had pretty much died out entirely. And as security is about covering all bases (both high risks and low risks); I welcome your correction and consider myself better informed :)
Actively working in the Windows server and desktop support world, I can tell you that rootkits are very definitely still an issue.
Older XP clients where every process an admin user runs is elevated or newer Windows versions where a "professional" user with administrative rights willy nilly clicks every UAC dialog for escalation without a thought (especially in regards to installers from questionable sources with malicious payload) - or, worse yet, they've disabled UAC altogether (because the dialogs annoy them) and EVERY process is escalated.
Products like TDSSkiller are still being actively updated and developed - and appreciated by folks like myself.
You can install anti-viral solutions, you can lock down machines with group policy, you can stay 100% on your patching coverage, but as soon as one manager says "my user needs admin rights" - now you've got something you can't lock down.
Which brings me back to my original point: the vast majority of attacks happen in user space.
However, I will concede that I assumed rootkits had pretty much died out entirely. And as security is about covering all bases (both high risks and low risks); I welcome your correction and consider myself better informed :)