http://news.softpedia.com/news/gootkit-banking-trojan-receives-massive-update-506181.shtml

Thankfully, presently only targeting France and the UK.

-EDIT- DLL stored to here depending on user status per IBM full analysis article:

• Malware is written in the form of a DLL file to:
LUA Rights: %APPDATA%\Microsoft\Internet Explorer\
ADMIN Rights: %WINDIR%\System32

Ref.: https://securityintelligence.com/gootkit-bobbing-and-weaving-to-avoid-prying-eyes/

It's the same old story: if you block code injection into system processes and the browser, you have already won the battle. It would be interesting to know which type of code injection method is used.