http://www.f-secure.com/v-descs/trojan_bash_qhost_wb.shtml
Has the answer. Somehow a Trojan posing as a FLASH installer (see Steve Jobs is right about Flash) modifies the /etc/hosts file. This file basically says Check ME as the DNS authority BEFORE you go to any DNS on the net and check for Google's legitimate address (74.125.113.106).
As with ALL Macs, one had to install something (to give it Administrative rights) to actually allow changes to the /etc/hosts file. In other words one could NOT get this trojan by just visiting a web site or opening an email. At some point or another, a fake Flash installer showed up on your screen and said install? And asked for the Administrator's password. When the password was entered the deed was done.
Since this happened to my daughter's computer, and I HAVE NO IDEA if anything else was modified, I am going to wipe the computer clean with a clean install of Snow Leopard. That will be the ONLY way to know that any other files modified are removed.
Sorry to bring you this bad news.
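
A defensive check for the kind of /etc/hosts tampering described above, as an added example that is not part of the original post: it lists every hosts entry that overrides DNS for a name other than the stock loopback and broadcast entries. The function names, the sample file and the address 203.0.113.10 (a documentation range) are constructed for illustration, and the list of stock entries is an assumption about a default macOS hosts file.

```shell
#!/bin/sh
# Added example: report hosts-file entries that override DNS lookups.

audit_hosts() {
    # $1: path to a hosts file (defaults to /etc/hosts)
    awk '
    {
        sub(/#.*/, "")          # strip comments
        if (NF < 2) next        # skip blank or malformed lines
        ip = $1
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            # Assumed stock entries: loopback and broadcast names only
            if (name == "localhost" &&
                (ip == "127.0.0.1" || ip == "::1" || ip == "fe80::1%lo0")) continue
            if (name == "broadcasthost" && ip == "255.255.255.255") continue
            # Anything else is answered from this file before any DNS server
            printf "%s -> %s\n", name, ip
        }
    }' "${1:-/etc/hosts}"
}

# Constructed sample: a stock hosts file plus one rogue redirect.
sample_hosts() {
    cat <<'EOF'
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
203.0.113.10    www.google.com google.com   # constructed rogue entry
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
sample_hosts > "$sample"
echo "Entries overriding DNS in sample file:"
audit_hosts "$sample"
rm -f "$sample"
```

Calling `audit_hosts` with no argument checks the machine's own /etc/hosts; empty output means only the stock entries are present.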