Pretty good.

Of course, this (unlikely) scenario is part of the motivation for regular blockchain benchmarks being encoded into the source code of new releases.  So your attacker would still have to come up with a fake blockchain that not only matched those benchmarks precisely without violating any of the other valid block rules on any of his fake blocks and have such a blockchain ready that was at least as long as the benchmark shipped in the latest version before the standing network would receive it.

And if any copy of the real blockchain were to be reintroduced to the network before the fake one could develop a greater total proof-of-work, the real blockchain would force a network split that would eventually destroy the fake one.