In reply to The Lemming:
It's quite possible to insert things into content as it comes through, but yes, it's extremely rare.
We did it a few years ago as a prank on a flatmate. We got an old desktop, and set up it's WiFi as an access point. Configured it the same as our flat's WiFi, then turned the original off. The desktop sent internet traffic to the router via an Ethernet cable, but only after running it through a squid proxy. We used squid's content adaptation features to play with the webpages she was seeing (and leave everyone else's traffic alone). One day all the images were upside down. The next they were black and white. The day after that, we inserted something into the CSS to make all the text come out backwards. We didn't put any adds in, but it would have been easy enough to insert an IntelliTXT script into the pages, if IntelliTXT had existed back then.
Now, we used a desktop computer to do this. There's no way a typical router could have run the proxy software we used. But this was a looong time ago (the desktop was a pentium IV, I guess that dates it a bit), and routers have got a lot more powerful since then.
If someone wanted to hack a router and do this, I reckon it would be possible. Write a virus that exploits the frankly shocking security on a lot of home routers, and drops in a lightweight proxy server. By inserting an IntelliTXT script or similar, you get the victim's browser to do most of the hard work, so it should be possible to get things working on the limited hardware of a consumer router. Remember, these aren't completely dumb boxes, they usually run some form of Linux, and most of the network-related tools you might need are already there.
Another option would be if a company wanted to run an add-supported low-cost internet service, they could use a real server to do the hard work. I can't imagine a real ISP doing this, but maybe a "free wifi" provider might. Assuming it's not illegal.
To be clear, I've never seen either of those in the wild. I expect compromised routers are worth more as part of bot-nets than serving up adds to their users. Dodgy browser plugins are many orders of magnitude more likely.
Edited to add: This was in an environment were computer-security related pranks were widespread and all part of the fun and games. We also took care not to mess with HTTPS traffic. Pulling this kind of prank on people who aren't willing participants could get you in a lot of trouble.
Post edited at 00:46