"The sharp rise in rootkit detections on Windows machines is a direct result of adware/spyware vendors using sophisticated techniques to hide processes and prevent uninstallation, according to anti-virus vendor F-Secure Corp.
The Finnish company, which ships an anti-rootkit scanner in its security suite, has identified ContextPlus, Inc., makers of the Apropos and PeopleOnPage adware programs, as the company responsible for a large number of stealth rootkit infections.
"Howes said F-Secure's identification of ContextPlus and Apropos was rather significant. "Rootkits are commonly associated with out-and-out-malware created by black hats hacking servers and planting backdoors. Yet F-Secure is now saying the most common deployer of rootkits is a commercial adware firm.""
The "commercial use" is just spyware. It doesn't (apparently) install malicious (a matter of opinion?) stuff, or try to take over your machine; but the rootkits can be - and are being - stripped out and used for malicious purposes by others.
In a related story linked from the above, "Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes," by Ryan Naraine, eWeek, December 6, 2005, reports that 50 percent of "basic" WinXP installations are found by the Microsoft Malware Removal tool to be infected with just one of the several circulating rootkits, and that up to 20 percent of WinXP installations with SP1 and SP2 are infected.
Microsoft currently downloads to approximately 200 million users via "auto update", and the Malware Removal tool should be included and run monthly for anyone signed up for autoupdate:
"The worm zapper, which is updated and released once a month, has counted more than 1.7 billion executions since it first shipped in January." (That's 1,700,000,000 separate spyware/malware installations killed in the first year.)