Why does a browser attack to load fake AV show your own IP as the source?

Got another one of those lovely little web2.0 attacks today where the social networking page that was as vulnerable as a 3 year old in a dark alley attempts to give me a fake av. i mitigated it with symantec and closed the browser to interrupt the session but when i looked at the Norton Security Suite's notification, it told me everything about the attack including the website it tried to redirect me to but it indicated the attack source was my pc. Is this some sort of loopback thing in the code they use when they infect the social networking page?