The way that wpespy.dll hooks winsock is probably ye olde detours trampoline, which is pretty obvious.
Although, I do believe ArmA2 is still vulnerable to dll consoleing as the last time I placed a custom winsock dll in the same directory it worked fine. (The actual filtering code in it, not so much.)
Hooking the SSDT is also undetected AFAIK, but it pisses off some virus scanners and is a PITA in x64 windows because of patchguard. (But should be good until he writes a system driver)