The TDL4 rootkit is the latest version of an older rootkit also known as TDSS and Alureon. The rootkit evades a protection in Windows 7 and Windows Vista that requires kernel-level code loaded onto a machine to be signed. The malware evades this protection by changing the boot process on protected machines, an analysis by Sunbelt Software says. Microsoft says the rootkit does not actually bypass the protection because it doesn't inspect all loaded drivers, only the code used by the kernel.
Source: https://threatpost.com/tdl4-rootkit-bypasses-windows-code-signing-protection-111610/74676/

