I've actually seen this before, done in a .htaccess (rewrite module) script perhaps?
Ettercap is (very) good for MITM (arp) and DNS spoofing and a lot more of course!
But if you let Ettercap do that, then hmm.. Starting to remember.. Metasploit has
in most http server modules, the functionality to actually make any request to a web-
site request the exe filed specified.
However i guess with a little work from MPack you could make something similar as well buddy ;-)
I hope my answer was sufficient for now :-P