You mentioned this in a PM, and it got me curious enough to poke into it a bit. Interesting stuff...
I think that if I can figure out how to do this (particularly the OS "hoisting"), it could be the Vista replacement for my old XP rootkit. Essentially this would be a class-break for Warden, since you'd be below the kernel. If I'm lucky, some malware writer has already posted code somewhere...
There would be no detection from Warden unless they too jumped into the hypervisor (exceedingly unlikely as they haven't even been willing to go kernel). There are possibly countermeasures (although not detections, unless the coder was stupid). Also I'm not sure I fully understand paravirtualization; I don't think I'd want to even attempt the task of writing a full VM for Windows.
So right now, it's just a (very) interesting long-term research project.
http://www.eecs.umich.edu/virtual/papers/king06.pdf
Our project, which is called SubVirt, shows how attackers can use virtual-machine technology to address the limitations of current malware and rootkits. We show how attackers can install a virtual-machine monitor (VMM) underneath an existing operating system and use that VMM to host arbitrary malicious software. The resulting malware, which we call a virtual-machine based rootkit (VMBR), exercises qualitatively more control than current malware, supports general-purpose functionality, yet can completely hide all its state and activity from intrusion detection systems running in the target operating system and applications