Something in the GoDaddy shared Windows hosting server my site uses has been compromised. Some other site on the same server has been hacked, and that hack is then compromising my site and hosting, and almost certainly others on that shared hosting as well.
In short, my blog uses ASP.NET (*not* PHP), my web.config file is being altered by some process to force a call to an added obfuscated PHP file, which then redirects visitors to various other dodgy sites (eg, pharma sites).
Rather than write it all down here, or even try and phone up and explain it to support, I've written it up as a detailed post on my blog. I've even de-obfuscated the added PHP file there. GoDaddy shared Windows hosting compromised