[pdxhero]

Quote (more or less) from my post of a couple of days ago:

The program [or program concept - I'm not asserting anybody has actually done this - Jeff] is conceptually similar to a keystroke logger and there are plenty of those around. Just as with keystroke loggers, you have to trick somebody into installing the thing. You are probably committing a serious criminal offense when you do this. But if you're willing to take that risk, there are many ways to accomplish it technically.

The (significant) difficulty, relative to a traditional keystroke logger, lies in the time-value of the information. A keystroke logger can identify (e.g.) likely credit card numbers and deliver them in one of several ways (post them anonymously to a chat group or forum, etc.) The information is valuable for weeks, months or longer. This greatly increases the number of delivery options, decreasing the risk of being detected.

This software would have to deliver the hole cards in "real-enough" time, which pretty much dictates that it make an outbound TCP connection to some port where you'd have a listener to pick them up. Attempting this outbound connection would trigger the victim's firewall program, if s/he had one. In addition, the program has to connect to a specific IP address, which would become evidence in the federal prosecution after you got caught.