I'm not sure what to think of this, it didn't become clear what new code injection was actually used. But it does seem to perform process hollowing on svchost.exe, that's why it's so important to simply block malware from the ability to run certain system processes as a child process. The new EXE Radar will give this option hopefully.
Yes, I did read it, but it doesn't sound like a new code injection method, more like a new technique to hide code injection from HIPS, but I might be wrong.