Quote:
All they have to do is add an entry in the system's hosts file to specify an IP address for the targetted domain, and the user will never be able to tell they're looking at a scammer's site. Macs are vulnerable too.


Looks like this is already happening, JS/QHosts21-A is one trojan I found. As far as the Mac side (or any Unix variant), the trojan would have to have root access to touch the hosts file, and if it has that, the system is screwed anyhow.

Quote:
I think it would make for a great browser feature/plug-in that pops up a warning message anytime you visit a domain who's address was resolved locally. "WARNING: You might be getting scammed."


I couldn't find any info on if Firefox 2 or IE 7 offer this at all. However, one potential fix is to change the resolution order of the system. Simply either remove the hosts file from the resolution table, or move it after the DNS system. Looks like this is doable on Windows the same as Unix.