This has happened to many of my clients recently, largely due to some viruses that after infecting a local machine, recovers stored user id/pw information for FTP from the PC. The virus then uploads hidden iframe scripts into pages, causing visitors to these pages to get infected.
Fortunately, Google is finding these quickly and blocking access to the site, but unfortunately many unknowing site owners are not removing the scripts and/or don't know how to go about requesting Google review the site. You can find information on how to request a review from Google at http://googlewebmastercentral.blogspot.com/2008/08/hey-google-i-no-longer-have-badware.html .
If you need assistance in removing the content that caused the malware/attack site label, I've found http://www.iframehack.com to be fantastic. They have assisted me with several sites that I manage and each time the infection was removed and with their assistance, the Google block was removed within a couple of days.
Hope this helps others out there!