I suspect this was embedded in an ad, as I'm not seeing anything on the pages themselves (though there were a few pages of spam). That would be the easiest way to spread it. If you can identitfy the specific ad in use that would help a lot as we could then report that. Alternatively, if it was on a particular page, it would be good to know that (perhaps it was a false positive; we do have some pages relating to scripts).
Personally, I suggest not using IE would be a good start, but we're investigating. Another good idea is to set the XML kill bit as described in the workaround to this bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS06-071.mspx
The update provided by Microsoft in that bulletin may also help protect against it.