|Well, it's for sure something happening on server side. |
I'm a server host, and am unfortunately familiar with the problem.
attacks appear with rather similar code every time, but it's usually different, the JS is actually processed some how and it's being randomize/encrypted by which ever thing is installed on the host it self.
LET ME SAY, that this has NOTHING to do with your computer, it's something that happens on the server without you necessarily having knowledge of it.
The reason maccafe picks it up as a virus is that the code looks like HEX/BINARY and does not belong where it's found.
the moment you download the page, the anty-virus will strip out that line of code, and let you see the rest of the page.
You will loose your </body> tag as it seems to be attaching to that exact line of code.
also, You did not include all of the code.
having all of the code could allow people to understand what is happening.
The principal of this attack is a simple IFRAME attack, which will direct users to another page without their knowledge.
this could potentially be used to actually server viruse off of your pages, and it's a rather IMPORTANT situation that your host should take care of.
can you send me some info on who you are, your host is, and what the website is ?
I know you are not one of my clients :P
let me know.