Sorry - I edited the last post a bit late - as far as I know the standard client will send the tx to all the connections it has (nothing to do with who you are sending actual bitcoin to and in all likelihood your attacker would not even be one of those connections).

Is the point that the attacker is somehow the only connection the victim has to the P2P network?