The script is part of a malicious iframe attack that works in conjunction with a remote exploit that downloads the Gozi Trojan. While technically not a virus, it does act as a backdoor. Much like other javascriptcross-site-scripting attacks it is used to install additional malicious software through the browsers of your site visitors.
Here's a little background on the Gozi portion.
Unless your hosting company designed or is otherwise responsible for your website, it is most likely that the responsibility lies with you (I am not suggesting it is your fault). Most of these and similar attacks are made possible through poor coding and improperly validated variables within your own scripts. Exploitable variables are quite common in certain versions of
WordPress and other
Blogging software.
Make sure you upgrade your WordPress to the latest version and also check for variable problems within NextGen or other addons.
The most common exploits come in through contact or search forms, but any imporperly validated variable can be exploited. This includes variables that load pages (i.e., ?page=3) or servers content.