According to the Russian headquartered IT security vendor, the key feature of the 64-bit rootkit is that it does not try to bypass the PatchGuard kernel protection system, but uses a special digital signature for software developers instead.
The rootkit is, says the firm, distributed via a downloader, which tries to install other malicious software.
Alexander Gostev, Kaspersky's chief security expert, said that the 64-bit driver is signed with something called a `testing digital signature.'
"If Windows `Vista and higher' were to be booted in `testsigning' mode, the applications can launch the drivers signed with such a signature", he said, adding that this is a special trap-door that Microsoft has left for driver developers so they can test their creations.
Cybercriminals, he explained, have also made use of this loophole that allows them to launch their drivers without a legitimate signature.
According to Gostev, this is another example of a rootkit that does not need to by-pass the PatchGuard protection system included in the latest Windows x64 systems.
Both rootkits, says Kaspersky, have similar functionalities in that they block users' attempts to install or run popular IT security software and effectively protect themselves by intercepting and monitoring system activity.
Whilst the rootkit leaves the PC vulnerable to attacks, the downloader tries to obtain and execute malicious code, including the aforementioned Rogue AV for Mac OS X.
This fake antivirus, says Kaspersky, is known as Hoax.OSX.Defma.f and is one of the emerging threats for Mac OS X, which is increasingly being targeted by cybercriminals.