Rootkits are not a new trend. They have been around on most platforms for as long as anyone can remember. What is new, though, is the lethal combination of an arrogant attitude towards security issues among an ignorant majority of UN*X/BSD/Linux users and the emerging near-monoculture of Linux/x86. Open Source marketing has made a point of claiming that Open Source software offers better security than proprietary products. The point can certainly be made, but it is not always a valid one.
Less enlightened administrators may have got themselves a Linux server, put Apache on it and stuffed it in an abandoned corner, just like the NT/IIS box they had before. The new Linux machine, however, is even more of a black box than the NT machine ever was. The NT machines crashed now and then. They needed new Service Packs to match the upgrades to the desktop machines. The machine owners probably even bought a virus scanner to keep the machine clean. None of that happens for the Linux box. It just keeps on running, so why bother feeding it?
This attitude towards technology is a new trend. As the industry and its products mature, people are more inclined to treat computing devices as black boxes. The whole appliance market capitalizes on this urge. The problem here is that most 'black boxes' are not quite as black as people hope. They do need software updates. GNU/Linux does have security problems that need updates. The sheer magnitude of this problem is generally overlooked.
There is a clone army of never-updated Red Hat 5.2 machines out there in the big world, and you can trust that 98% of them have since been cracked into by one or several script kiddies merrily using them for their IRC bots or DDoS drones. You can also be assured that these machines will remain 'owned' like that for about one year on average. These parasites are a problem that is currently hardly accounted for. Only in the shady world of IRC do people get a glimpse of this emerging problem, where 15-year-old pimplefaces with a collection of tarballs and perl scripts are able to inflict thousands of dollars of infrastructure damage at a whim.
On top of the black box problem, the PC architecture (like most architectures) is still far too dangerous to be as dominant as it is. Apart from OS security issues, there are several areas in the hardware architecture that pose serious security risks. One unexplored area of severe exploitation is the PCI BIOS code on expansion cards that is executed at system boot. The dominance of certain classes of PCI card on Intel-based server platforms makes this a likely vulnerability. Although reflashing the system BIOS is usually restricted in hardware, there is very little stopping a privileged program from re-flashing an ATI graphics card, a 3ware IDE-RAID controller or a common Adaptec SCSI controller.
With hacked firmware installed on these cards, privileged code gets to run before the OS kernel has any say. It is not infeasible to abuse this principle to virtualize part of the other hardware, and thus control the machine at such a level that even a freshly installed OS kernel is fully unaware of the parasite code. No automatic package upgrade will rid the black box of its black hat.
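Added example, not code from the original article: a small Python audit helper that walks the legacy PCI expansion ROM image chain (the layout from the PCI Firmware Specification), hashes each image and reports images whose hash differs from a stored baseline, which is the check an operator would run over ROM dumps (for example from the per-device `rom` file under /sys/bus/pci/devices on Linux) to notice a card whose firmware has been re-flashed. The ROM images below are constructed for the demo; the vendor/device ids in them are made up.

```python
import hashlib
import struct

# Legacy PCI expansion ROM layout (PCI Firmware Specification): each image starts with the
# 0x55AA signature and a pointer at +0x18 to its "PCIR" block, which holds the vendor/device
# ID (+4/+6), image length in 512-byte units (+0x10), code type (+0x14) and indicator (+0x15).
ROM_SIGNATURE, PCIR_SIGNATURE = b"\x55\xaa", b"PCIR"
CODE_TYPES = {0: "x86 BIOS", 1: "Open Firmware", 2: "HP PA-RISC", 3: "EFI"}

def parse_option_rom(rom):
    """Walk the image chain in a ROM dump; return one dict (ids, type, sha256) per image."""
    images, offset = [], 0
    while offset + 0x1A <= len(rom):
        if rom[offset:offset + 2] != ROM_SIGNATURE:
            raise ValueError("bad ROM signature at 0x%x" % offset)
        pcir = offset + struct.unpack_from("<H", rom, offset + 0x18)[0]
        if rom[pcir:pcir + 4] != PCIR_SIGNATURE:
            raise ValueError("missing PCIR block at 0x%x" % pcir)
        vendor, device = struct.unpack_from("<HH", rom, pcir + 4)
        size = struct.unpack_from("<H", rom, pcir + 0x10)[0] * 512
        code_type, indicator = rom[pcir + 0x14], rom[pcir + 0x15]
        if size == 0 or offset + size > len(rom):
            raise ValueError("truncated image at 0x%x" % offset)
        images.append({"vendor": vendor, "device": device, "type": CODE_TYPES.get(code_type, "?"),
                       "sha256": hashlib.sha256(rom[offset:offset + size]).hexdigest()})
        if indicator & 0x80:          # bit 7 set: this was the last image in the ROM
            return images
        offset += size
    raise ValueError("image chain ended without a last-image marker")

def changed_images(baseline, current):
    """Indexes of images whose hash differs from a stored baseline (a changed firmware body)."""
    return [i for i, (b, c) in enumerate(zip(baseline, current)) if b["sha256"] != c["sha256"]]

def build_sample_image(vendor, device, code_type, last, payload):
    """Constructed 512-byte image for the demo below; not real firmware from any card."""
    img = bytearray(512)
    img[0:2], img[2] = ROM_SIGNATURE, 1                 # signature; init size in 512-byte units
    struct.pack_into("<H", img, 0x18, 0x40)             # PCIR block placed at offset 0x40
    img[0x40:0x44] = PCIR_SIGNATURE
    struct.pack_into("<HHxxH", img, 0x44, vendor, device, 0x18)   # ids, (VPD ptr), PCIR length
    struct.pack_into("<H", img, 0x50, 1)                # image length: 1 x 512 bytes
    img[0x54], img[0x55] = code_type, (0x80 if last else 0)
    img[0x60:0x60 + len(payload)] = payload
    return bytes(img)

# Constructed two-image ROM (x86 BIOS + EFI) as shipped, and a copy whose EFI body was altered.
SHIPPED = (build_sample_image(0x1002, 0x1234, 0, False, b"vendor bios code")
           + build_sample_image(0x1002, 0x1234, 3, True, b"efi driver code"))
MODIFIED = SHIPPED[:512] + build_sample_image(0x1002, 0x1234, 3, True, b"efi driver c0de")
```

Running `changed_images(parse_option_rom(SHIPPED), parse_option_rom(MODIFIED))` reports `[1]`, the EFI image; the baseline hashes are what you would store off-box when the card is first installed.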
With many networks heading this black box way, it becomes less and less obvious what any component's stated purpose and expected behavior is. The market for hosting and server colocation shows a very complex interaction between wholesale parties, a chain of resellers and end users, making physical access to many server locations easy to achieve. In-house server rooms are no less vulnerable. Like internet hosting, the telecommunications market is a confusing combination of enterprises, all of which generally have one or more points of interaction with a customer. There are so many parties with a legitimate need to get near a company's CAT5 spaghetti that physical access cannot be seen as a deterrent against anything but random attacks. Unless you have your servers in a vault, it is reasonable to assume that a determined enemy can and will have physical access to a network.
With physical access to a LAN, the amount of nastiness possible, apart from creating outages or destroying data, can really be scary. Ethernet is an untrusted medium with no cryptographic protection against tampering from the inside. A small device the size of a matchbox, stuck in the ceiling on a trunk line between two Ethernet switches, could take ages to detect. It could disguise itself as any of the hosts whose traffic passes the wire. Existing patterns of external traffic could easily be used to smuggle information out of the LAN undetected. Alternatively, it could introduce subtle errors into the traffic that would put a tremendous burden on the shoulders of the network administrators.
Now that the OS wars have become almost as irrelevant as the browser war and the platform wars, parasites of all kinds can become a big problem. We haven't cared about them so far, and it is unreasonable to expect that we will in the near future. We are going to push the internet into more and more of our daily lives, though, and the more we do, the more it will follow the black box paradigm, which means the risks we are taking keep getting bigger. Cyber-terrorism may have a silly ring to it now, but we had better start worrying about it before the problem is real.