Bitdefender documents a new trojan attack that embeds itself in a Windows DLL
Malware – New Trojan hijacks Windows DLL
http://securitywatch.pcmag.com/malware/294461-new-dropper-trojan-hijacks-critical-dll
http://www.malwarecity.com/blog/newly-found-dropper-skirts-startup-list-by-hijacking-critical-dll-file-1256.html
QUOTE: Bitdefender researchers have come across a new Trojan that uses a completely different technique. It patches COMRES.DLL so that whenever the DLL gets loaded it executes the malware code. The malware may not get launched the very minute Windows boots up, but it only has to wait until a browser, communications application, or network tool launches COMRES.DLL.
Of course this shouldn’t be possible; Windows shouldn’t permit modification of a critical DLL. However, Bitdefender’s team found that it does. The threat also makes use of a simpler technique that takes advantage of the way Windows programs load DLLs. In many cases, putting a same-named DLL in the same folder as the victim application will cause it to load the changeling DLL rather than the valid Windows file.
Bitdefender provides more details on this new threat:
http://www.malwarecity.com/blog/newly-found-dropper-skirts-startup-list-by-hijacking-critical-dll-file-1256.html