Hello

I am using Norton 2009. I am a reseller for hosting, and help my customers update their sites if needed. One of my customers sent me a complaint from a site visitor that said her Mac computer security software picked up a warning of a virus being sent from their site. I visited their site up to Friday without a problem myself. However tonight 2/1/2009, upon receving the notice I went to the site and sure enough I did get a security warning. Norton popped up an Alert which reads:

They have a person working on the SEO for their site, who seems to have added script, code on 3 of their main pages, for SEO pusposes related to Google analytics. I notice pages that were modified after the last date I edited them,  some had this script in common. So I visited the site and seemed to get that alert on the pages that had this script. The strange thing is, each time I get the alert nit shows the "Attacking computer" as my own IP and the Attacker URL as some other site. When I go to those sites using Google's Safe Browsing Diagnostic tool it does show those Attacker URL's as "suspicious" and having Malicious software. These URL's are not always the same.

I also notice that when I remove the script line for the Google analytics code, I no longer get the Alert when visiting those pages. The script is (with the numbers X'ed out):

<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-XXXXXXX-XX");
pageTracker._trackPageview();
</script>

Can anyone shed any light? They get a lot of visitors and I don't want the work day tomorrow to scare off people, especially if there is no malware there.