I am seeing more and more infections on client computers using this rootkit. The common vector i see if either flash or IE ActiveX exploits. It is nearly time to just block flash at the firewall as well as ActiveX.
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months • The Register.