WebsenseR - Blog: ARP spoofing HTTP infection malware
ARPスプーフィングすることでホームページの書き換えをやってしまう手法を説明されています。
これは怖いなぁ。。。。
The new ARP spoofing virus inserts a malicious URL into the session of an HTTP response, thus including significant malicious content, and then exploits Internet Explorer. At the same time, the virus makes a poisoned host act as an HTTP proxy server. When any machine in the same subnet with the poisoned machine accesses the Internet, the traffic goes through the poisoned machine.