i wonder if Avast Behaviour Blocker combined with webshield detects this
http://blog.imperva.com/2011/02/boy-in-the-broswer.html
http://www.imperva.com/resources/adc/adc_advisories_Boy_in_the_Browser.html
quick observation:
the simplest way to prevent this should be fortify of local hosts and DNS entries (any memory)