Of course the keylogger could just use the web or mail to export the data. A firewall is virtually useless for stopping outgoung data.

Of course the easier vector is just to dump all the plaintext passwords store in the NIT as well as MicroB and cookies. Installing the malware is easy as most .install files are downloaded over http. and could easily be be subverted with additional code.

Easier yet is just to add code to pidgin.

Reallistically it's not worth the time... even code that subverted 50% of the NIT's thats still less systems than code that subverted .001% of the windows boxen out there.