I'm not sure how it would work:
Say an attacker has 10% more than the current processing power of the legit blockchain, and creates his own blockchain (offline).
When he publishes it, it wouldn't become the accepted blockchain, because the difficulty would be only slightly higher,
but then, the (former) legit blockchain wouldn't be accepted anymore
, either (because its difficulty is even lower).
EDIT: I've just learned from this thread
that there are "checkpoints" hardcoded in the official client.
Determining which chain got widely accepted first
seems like a good solution to determine which one is the legit one.