It's why some people wait for confirmations. The network uses a long block chain. As the blocks come in the double spend would not be able to exist. Only during the time of a branch in the chain could both exist. AFAIK.

If you really think it would be useful to have a program like this, put your bitcoins where your mouth is! Define some requirements and offer a bounty. Encourage others to contribute to your bounty and eventually a developer might take up the challenge and deliver.

If you end up going this route, you might want to consider moving this thread to the Project Development Forum. This is typically where users discuss bounties. There's also a wiki page.

If a program like this doesn't already exist then I might create one. It depends if I can even think of a way to do it that wouldn't be completely futile.

I think "completely futile" is not a bad starting point. Like you said:

I haven't dived into the source code yet, but I imagine it wouldn't take too much tinkering to modify the standard client so that it could attempt a double-spend on the testnet. I think a developer could do this without too much effort. Conceptually, a Bitcoin network should be able to repel a double-spend, but someone should start gathering empirical data at some point (if the white hats don't get there first, the black hats surely will).

What happens when one node attempts a double-spend? What happens when multiple nodes are coordinated in a double-spend? How many bad nodes does it take for a double-spend to succeed (if any)? I think these questions have theoretical answers, but maybe its time to start gathering some hard data.

Keep us up to date if you decide to create something like this. I, for one, would be interested in what you find out. If I have time, I might like to help out. In any case, it sounds like a fun way to start getting familiar with the standard Bitcoin source code.

I've been thinking about doing a real attacking client for a while because quite a few people think its near impossible to execute well, but I disagree.  The best way to do this is to get the IPs of some of the largest miners (ArtForz + deepbit + slush's pool would probably do) and send one TX to them and one TX out to a bunch of other nodes (the target if you happen to know its IP).  Because no one will store a duplicate tx, theoretically the victim will hold the probably-wont-get-confirmed TX until the probably-will-be-confirmed is confirmed by one of the large-scale miners.

Obviously you won't double-spend but if people accept with 0 confirmations, well you should be able to pull this off.

If there is a double spend the official client does not alert you, but those transactions will show as 0/unconfirmed forever.

Does the client alert you that a transaction has been denied? Or does it just say " 0/unconfirmed " forever?

Please note some sites such as probiwon just wait for 1 confirmation, this could create havoc since you could send thousands of 25 BTC transactions to your acceptor and after the first confirmation it will broadcast a send transaction to your address. It won't check for validity afaik, I will contact him to get on this thread.

Slush's pool's node is on the fallback nodes page.  You ask them? I doubt they give them out freely, but if I were to write a proof-of-concept attack I'm sure they would be happy to help.  If anyone were doing real attacking, I'm sure a good social-engineering attack would easily get the proper IPs.  (plus you can figure out ArtForz's node based on GeoIP, I think he is the only one in the middle of Germany on the node map)