It does this by copying the SSDT directly from ntoskrnl.exe and redirecting system calls to that copy rather than the active SSDT. This can effectively disable security software that relies on SSDT hooks, such as some HIPS and anti-virus software.
Analysis by Hamish O'Dea
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.
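Because the redirected table is a copy taken from the kernel image, a check that only looks for hooked entries finds nothing wrong with it; the table's location is the anomaly. The following is an added example, not part of the original analysis: it audits a constructed memory snapshot and assumes the snapshot records which service table each thread dispatches through. All addresses, thread IDs and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Image:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def audit_service_tables(thread_tables, tables, kernel, canonical):
    """Classify the service table each thread dispatches through.

    thread_tables: {tid: table base}; tables: {table base: [handler addresses]}.
    Returns {tid: (verdict, indexes of entries outside the kernel image)}.
    """
    verdicts = {}
    for tid, base in sorted(thread_tables.items()):
        outside = [i for i, h in enumerate(tables[base]) if not kernel.contains(h)]
        if base != canonical:
            # A relocated table is the finding even when every entry is
            # pristine: a copy taken from the kernel image carries no hooks.
            verdicts[tid] = ("redirected-table", outside)
        elif outside:
            # Entries leaving the kernel image are hooks (e.g. a HIPS driver).
            verdicts[tid] = ("hooked-entries", outside)
        else:
            verdicts[tid] = ("clean", outside)
    return verdicts


# Constructed snapshot; none of these values come from a real system.
KERNEL = Image("ntoskrnl.exe", 0x80400000, 0x200000)
ACTIVE_SSDT = 0x80501000   # assumed location of the active table
COPIED_SSDT = 0x81F00000   # assumed location of the copy
TABLES = {
    ACTIVE_SSDT: [0x80410000, 0xF7A01000, 0x80430000],  # index 1 hooked by a security driver
    COPIED_SSDT: [0x80410000, 0x80420000, 0x80430000],  # copy without the hook
}
THREADS = {100: ACTIVE_SSDT, 200: COPIED_SSDT}

if __name__ == "__main__":
    report = audit_service_tables(THREADS, TABLES, KERNEL, ACTIVE_SSDT)
    for tid, (verdict, indexes) in report.items():
        print(tid, verdict, indexes)
```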