Not sure if anyone has posted this or not, but bleeding snort has released rules (a couple of days ago) that detect the sony rootkit phoning home. If you auto update your bleeding snort malware rules, you should already have it enabled. If not, it in the bleeding-malware rule set.

I'm using both the bleeding snort rules and the delayed rules release. I didn't see anything in the official rules regarding sony's rootkit... but then again, I didn't look that hard.

I just wanted to see if any of our lusers had installed this on their machines. So far, we're looking good.

Another good article @