You'll want to "View Source" on your sites to look for a suspicious <b1> tag with odd characters between it...
Something like this:
<b1><!--m8ghGhjjak78ksOgCAMBcATQSH+ziP6FBNrCdbUeHrduJvFEB9 KOtYVGhpquiG2PZmZ5+3BztAss5+EyZBokkPxfSvup2YwTkr7B ZfkdiHSIqKovuTyAgHeIWs=--></b1>
Rackspace is currently doing an investigation on this...because it has infected some of their client's sites.
Here was one of their descriptions for this tag:
The data between the tag is random characters followed by the path to the current file both base64 encoded and compressed. This is quite harmless, but my expectations is that the current tag is a proof of concept that will be eventually sold on the black market to profit from pay-per-click links that can be embedded.
So essentially, a bot is going around looking for files that are not "locked down" and then writing code on the site for the purpose of selling the concept to someone who would use it to serve advertisements on your site...
Hope this helps,