Hi malware fighters,
DNS attacks and malware via poisoned ARP attacks are a growing threat.
Read: http://www.cisrt.org/enblog/read.php?189
polonus
I have defenses against this.
This is actually a very empty statement since you’re not listing those defenses. IMHO
I’ve written a couple of thousand words on this elsewhere, so excuse me if I’m a bit tired of writing it down again.
But I’m more curious about what the rest of you do specifically against this…
Repeating it here isn't necessary, but a link to the original post you made would be helpful.
Hi bob3160,
There are programs also for Windows to detect this. Another elegant method could be this.
The final conclusion is that the best way to find injected code was to compare a suspicious document with a known-good document. Of course, the problem is finding a known-good doc to compare to but, with a bit of thought, you could come up with an additional insight – an attacker couldn’t inject a payload into a doc downloaded over SSL. So, I think the following would work nicely:
* wget http://www.microsoft.com/default.aspx (possibly not the _best_ test page, but it'll do for our example)
* wget https://www.microsoft.com/default.aspx
* Diff the two documents and look for obviously injected code.
Unfortunately, the two copies of default.aspx, in this example, will have minor differences but nothing so obvious as an
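The comparison described in the post above, as an added example that is not part of the original thread: rather than a line-by-line diff, it parses both saved copies and reports only the script, iframe, object and embed elements that appear in the plain-HTTP copy but not in the HTTPS copy, so harmless differences such as timestamps are ignored. The tag list, the function names and the two sample pages are assumptions constructed for this example.

```python
import hashlib
from html.parser import HTMLParser

# Tags that can load or run code (this list is an assumption of the example).
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}

class ActiveContent(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found, self._inline = set(), False

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            attrs = dict(attrs)
            src = attrs.get("src") or attrs.get("data")
            if src:
                self.found.add((tag, src.strip()))
            self._inline = tag == "script" and not src

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        # Inline scripts have no URL: hash the whitespace-normalized body instead.
        if self._inline and data.strip():
            body = " ".join(data.split()).encode()
            self.found.add(("inline-script", hashlib.sha256(body).hexdigest()[:16]))

def active_elements(html):
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.found

def injected_candidates(http_html, https_html):
    """Active elements present only in the copy fetched over plain HTTP."""
    return sorted(active_elements(http_html) - active_elements(https_html))

# Constructed sample pages, not real captures. The HTTPS copy is the reference.
HTTPS_COPY = """<html><head><script src="/js/site.js"></script></head>
<body><p>Served at 10:02:11</p><script>var page = 1;</script></body></html>"""
HTTP_COPY = """<html><head><script src="/js/site.js"></script></head>
<body><p>Served at 10:02:14</p><script>var  page = 1;</script>
<iframe src="http://injected.example/x.htm" width="0" height="0"></iframe></body></html>"""
if __name__ == "__main__":
    for tag, ref in injected_candidates(HTTP_COPY, HTTPS_COPY):
        print(f"only in HTTP copy: <{tag}> {ref}")
```

To use it on real pages, read the two files saved by the wget commands and pass their contents to `injected_candidates`.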
Hi bob3160,
There are programs also for Windows to detect this.
And you don’t tell us what these are??
Watch out, Bob3160 is coming to bite your head off for teasing us…
PS For the record I was referring to these programs…