Linux also has a hosts file. The much larger problem on the Windows boxes was a third-party firewall that had a buggy DNS client that did not do anti-spoofing properly and would accept and cache DNS spoofed data from any source without verification.
The paypal 'attack' is nothing new, we were aware of the same problem back in the days of ASCII only DNS, long before SSL was designed some joker registered Micros0ft.com and put up an attack site. The problem identified by Schmoo had actually been anticipated in the design of the DNS multi-lingual extension, in theory it was not possible to register DNS names with names from different character sets. In practice there are some languages where either the Roman or the Cyrilic alphabet may be used. So one of the registrars had a code page up that accepted both if you registered a name in Tidjuk.
Oh and the paypal 'attack' only affected Firefox.
A much bigger problem is the phishing gangs registering bigbank-security.com, bigbank-login.com etc. etc.