Websense has an eye-opening writeup on how some malware is now using ARP cache-poisoning and making the infected machine into an HTTP proxy server. Poof! Your entire network is poisoned! Castlecops has a writeup from someone in China who has experienced this first hand: Machines which are declared clean by multiple AV products still suffer from the IFRAME. Yikes!