Link to the article because you're not making any sense.

"encrypted traffic can flow between the network"

what the hell does that mean?

Layer 3/4 filters with firewall rules don't look at Layer 7 content. These firewalls generally allow/deny access by Port number and/or IP address.

Filters/Proxies with firewall capability that can examine Layer 7 data generally can't see plain-text of encrypted conversations (unless they are used with MiM attacks and able to decrypt the content.) As a result, many network admins choose to allow certain encrypted traffic (often based on ports) because they can't tell what the traffic is, but know it is used for normal work (e.g. SSL and SSH.)

For a virus to, "spread in an encrypted way to a service," but in an automated fashion would make that virus seem more like a worm. It would also (generally) require an exploitable weakness in an open service that offers encryption.

The concept of a Virus that encrypt/decrypt itself has been around for a while and is discussed in books and online. This technique was originally suggested (AFAIK) to avoid scan detection by AntiVirus Software.

Worms are presently using this with e-mail propagation of zip files sent as attachments with "encryption" to avoid mail scanner detection. If this can be done with worms, and a virus can be a payload of a worm (yes, and yes) then viruses can use this. (This is not a new concept.)

I'm not a moderator.

Yes, it is, and/or no it isn't. Which answer you get depends on what you mean by, "getting by a firewall's rules," and what those rules are.

Excellent point. You [ciph3r] must pay tribute to the forums. Your first donation must be in the form of links to your topic as requested by gzzah.

Virus have been able to encrypt themselves as long as I can remember.. some using simple encryption to make themselves hard to debug to others using polymorphic techniques to avoid detection. This would not help bypass firewall rulesets, it would help it bypass av scanners and IDS (which could be on the firewall).

By "ports remaining open on firewalls for encyrpted traffic", I assume you mean something like VPN connections to the firewall. If that be the case, the virus (or worm, as it sounds like you are describing) would have to either infect a host connecting to the VPN (which in that event it is a moot point, the virus/worm will only see it as a network connection.. nothing special) or have the correct info (shared secret, certificate, etc) to be able to connect to the VPN itself.
The latter be the case, it would only work against that target network.