Have you read about the Srizbi Trojan? It runs in kernel mode and is supposedly a bit difficult to remove. I learned about it over at Symantec's Web site where they've posted some technical details.
Intruders are using MPack, which I wrote an editorial about last week, to get the Trojan installed on to people's computers. You can read a bit more about that aspect in Symantec's blog where they reveal that so far the Trojan sends spam and appears to be in a beta state of development. If that's the case then it might take on a more insidious nature in the future.