El Pescado | 2 | 06-23-2005 11:25 PM ET (US)

Uhm, if the IP of the site you think you're logging onto also happens to be the IP of the access point, that could be a tip-off.
BTW, in one regard this is much more serious than a trojan ... know why? No latent evidence. You start planting trojans, you're leaving footprints that could eventually be tracked back to you. Rogue AP? You set up, you harvest, you leave with everything on your machine. Think you have to sit in a coffee shop to do it? Think again. Think amplifier and extremely directional antenna, broadcasting your signal from the park into the Starbucks, still with a stronger signal than the Linksys in the back office.
Think you can only grab web details? Think again. You can own all the machines if you'd like ... wha? Yeah! Remember, they're going to YOUR content ..... drive-by download anyone? Script nasties? Oh and don't forget that you could also do things like push bad certs down. I see it now ....
"The certificate the site is presenting: 'Starbucks' doesn't match the site you are browsing." Accept | Close.
Bottom line, once you're MITM you can do all sorts of nasty shit, *including* trojans and beyond.
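
The tip-off mentioned in the post above (a site's address turning out to be the access point's own address), written as a client-side check over DNS answers. This is an added example, not part of the original post; the function name, hostnames and addresses are constructed, and the extra checks for other local or non-routable answers go beyond the single case the post names.

```python
import ipaddress

# Ranges a public site name should never resolve to (RFC 1918, loopback, link-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]

def check_answers(answers, gateway_ip, local_network):
    """answers maps hostname -> list of resolved IP strings.
    Returns (hostname, ip, reason) for every suspicious answer."""
    gateway = ipaddress.ip_address(gateway_ip)
    lan = ipaddress.ip_network(local_network, strict=False)
    findings = []
    for host, ips in answers.items():
        for raw in ips:
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((host, raw, "unparseable address"))
                continue
            if addr == gateway:
                # The case from the post: the "site" is the access point.
                findings.append((host, raw, "resolves to the access point"))
            elif addr in lan:
                findings.append((host, raw, "resolves to a host on the wireless LAN"))
            elif any(addr in net for net in NON_ROUTABLE):
                findings.append((host, raw, "resolves to non-routable space"))
    return findings

# Constructed sample: answers as seen by a client on a hotspot whose
# gateway (the access point) is 192.168.1.1 on 192.168.1.0/24.
SAMPLE_ANSWERS = {
    "bank.example": ["192.168.1.1"],
    "mail.example": ["192.168.1.50"],
    "shop.example": ["10.9.8.7"],
    "news.example": ["203.0.113.10"],   # documentation address, stands in for a public IP
}

if __name__ == "__main__":
    for host, ip, reason in check_answers(SAMPLE_ANSWERS, "192.168.1.1", "192.168.1.0/24"):
        print(f"{host} -> {ip}: {reason}")
```

A clean result here does not rule out interception, since a rogue AP can forward traffic without rewriting DNS; the certificate warning quoted in the post is the other signal to act on.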