A new type of rootkit has recently been seen. While most modern rootkits use the MBR and unused sectors of a harddrive, this one also misuses NTFS metadata to inject malicious code into a running OS.

Full article: http://www.securelist.com/en/blog/517/Cybercriminals_switch_from_MBR_to_NTFS