This is why I use Little Snitch. If there are any rogue outgoing connections, I will know about it. I am extremely selective with the connections I allow my machine to make.
So for those of us who aren't selective with the connections we allow, is it feasible to start using Little Snitch? I'd be interested in trying, but it seems like there would be dozens if not hundreds of "strange" connections that you'd have to filter through which ultimately turn out to be innocent (e.g. OS X update checks).
It provides and then remembers sane choices pretty well. It's easier if you have enough background to understand 'port', 'dns', and 'application', but once you spend a day or two teaching it your habits, it becomes a fantastic tool that is out of your way until the moment it notices something serious.
How does it work with browsers? You have to allow all outgoing traffic to port 80/443 regardless of host/ip? Or be asked every time you visit a different website if you want to allow it or not?
IIRC the default ruleset allows browsers to make any connections on 80/443. You could delete that rule and do it on a case-by-case basis, but it'd be painful.
There are probably browser extensions better suited to restricting browser connections. Maybe run LS on top of one of those so the browser can catch most of them witout making a ton of popups.