In related news, apparently Sony's web-based XCP uninstaller that was available for several weeks is theoretically capable of causing even worse damage than the rootkit itself. From Freedom-to-Tinker's article:
When you first fill out Sony's form to request a copy of the uninstaller, the request form downloads and installs a program - an ActiveX control created by the DRM vendor, First4Internet - called CodeSupport. CodeSupport remains on your system after you leave Sony's site, and it is marked as safe for scripting, so any web page can ask CodeSupport to do things. One thing CodeSupport can be told to do is download and install code from an Internet site. Unfortunately, CodeSupport doesn't verify that the downloaded code actually came from Sony or First4Internet. This means any web page can make CodeSupport download and install code from any URL without asking the user's permission.
This problem is only likely to affect a small number of people, and the FTT folks go on to detail how you can find out if you're affected—but it's problems like this that demonstrate the need for technologically intelligent people to be part of business and corporate decisions where complex software technologies are being deployed.