said by Lagz:said by sweetnoob :i have a feeling this popular win bypass can be a major botnet.
Put a firewall between the machine that is running this and the internet and check outbound connections.
Or run a packet sniffer.
Anything that can hook into the hardware at that level could certainly be used to hijack computers into a botnet. It's comparable to the TDL-rootkit protected malware that made the rounds last year, some of which used custom boot sectors. One of the final things I do before returning a machine that was rooted, if the owner didn't want to format, is 'play with it' for a day or so on my [hardware-firewalled] home network while I sniff packets. Machines that look clean aren't always as clean as they look.