The scary thing about this, is that no one knows that yet, despite the fact that it has infected 10's of thousands of sites.
One is that the first request you make to your site may or may not have a <script> tag inserted into it. IF it does, it will only have it on the first request your ip makes. Other than that, doing a tcpdump as described on the cpanel page, or booting to safe mode with a system rescue CD and looking for modified files.
One simple but not 100% reliable thing you may do, is go to the page with IE, and look for an activex warning that you know shouldn't be there. Again, this will only be there for the first request of the IP, and then only randomly.