As Lost all Faith says, the key here is that you can do "the dirty" in the name of somebody else, without leaving a trail back to yourself.
The good side is, that the attacker needs admin access to the domain controller in the first place, in order to plant the malware. If he can do that, then you have bigger problems than Skeleton Key. Either hackers have taken over your network, or you have an employee with a grudge and the keys to the system.
SK isn't good, but it is probably the least of your concerns by that point - of course, if it is done properly, you won't know that there is anything wrong, or the PFY is busy setting up the bean counters, so that he can get his next big pay rise.
Biting the hand that feeds IT
