Nearly all computers and networks allow communication on ports 80 and 443 to flow from trusted computers onto the Internet, and the related response traffic to come back in. If malware wants to be more successful, aside from other port-specific buffer overflows (for example, the MS-Blaster worm on RPC port 135), it should always use port 443. Why? First, it's always open and allowed out onto the Internet, and 99 percent of companies have no way to monitor SSL/TLS-encrypted traffic over port 443. The malware can use Internet encryption standards to bypass detection. I'll go further: Any network-connecting malware not using port 443 to dial home and spread is unintelligent software.
When every network and computer in the world closes down every unauthorized port, it won't stop malware. Malware writers require only one guaranteed-to-be-open port to do everything they need.
Least privilege log-on models are great and necessary, but they aren't fail-safe security defenses. Ultimately, the malware writers will easily write around them and continue doing all the mischief they want.
The fourth reason for least privilege
But the fourth reason why least privilege mechanisms are desirable and necessary is that they allow defenders to concentrate their efforts on better protecting fewer ingress points. For example, suppose you have a castle with four entry points over the surrounding moat. When you have that many entry points, you have to provide equal protection (from soldiers, hot tar, flaming arrows, and more) to all four of them; otherwise, the attacker will learn the weakest point and attack it first. By reducing the number of entry points, the defensive force can spend less money overall and better protect what remains. The same goes for least privilege computer defenses.