There can't be, because the password must be recovered to submit to the remote authentication system.
Paul Russell suggests on the MIMEDefang list that the ratware could simply pop up a password dialog. Many users will just enter their credentials, not understanding why they got a random authentication request.
I vaguely remember there being a virus that already did this, but I can't remember which one. Make it look like a MUA dialog and people will fill it in. Heck, Thunderbird randomly pops up dialogs demanding my news server password from time to time, for reasons I can't fathom.
