I was thinking "How on earth can it do all those things undetected?" and then I read:
Symantec says it ships as a Windows kernel driver and works to hijack legitimate TCP/IP connections.
Reminds me why our one "this has to be Windows" server is firewalled from sending data out, not just connections coming in.