The SANS Top-20 2006 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts.

[sans.org...]

C6. DNS Servers

2. Spoofing Authoritative zone Answers:
The botmaster establishes a fake web site (phishing site) on a compromised web server. The botmaster then directs the botnet to listen for requests and spoof DNS replies for a particular zone with an answer pointing to the compromised web server. A twist on this attack is to act locally on the bot-infected computer and modify the local hosts file with entries pointing to the fake web site.