This does not look like a new development in rootkits. If I understand the article's summary: there's a rootkit that sets a hardware breakpoint on the memory it overwrote in the kernel, and checks to see if access are normal or abnormal; for abnormal access, it subs in fake value for the contents of that range of memory.
If you want to see where the state of the art in rootkits was in 2007(!), read:
Due to the lovely fact, if I recall corectly, that there's two TLB[1], one for instructions and one for data. So you can subvert one or another in order to execute a hidden payload.
If you read the data you think you'll execute, you will be fooled. [2] This is a pretty nice trick.
Once your trusted space is compromised (the kernel space in this case), trying to detect or fix the compromise from that same space turns into a game of Core War: http://en.wikipedia.org/wiki/Core_War
Scanning for rootkits from a hypervisor would solve this problem... as long as your hypervisor isn't compromised itself!
If you want to see where the state of the art in rootkits was in 2007(!), read:
http://i.i.com.com/cnwk.1d/i/z/200701/bh-dc-07-Rutkowska-ppt...
...noting that this is Joanna Rutkowska explaining how to reprogram MMUs (here with MMIO remapping) to defeat hardware DMA memory forensics.