The article says the rootkit works by inserting a line into /etc/rc.local. If my /etc/rc.local file looks OK, can I assume I haven’t been infected, or does the rootkit use more sophisticated means to hide its presence?
No, one of the earlier reports showed how the rootkit detects reads of /etc/rc.local and feeds you a file that looks like it doesn't contain the rootkit-loading insmod calls.
Disclaimer: I don't have a copy of the rootkit to experiment with; all of this is pure speculation.
My guess is you could detect the rootkit by booting to a known-clean system -- for example a distro install CD -- and checking the contents of rc.local by mounting the questionable system's fs.
This examination could probably be performed without downtime by taking an LVM snapshot and downloading it to a known-clean machine. The rootkit could fake the contents of the LVM snapshot as well, but it seems like this would be much harder for the rootkit authors and they probably didn't bother.
You might also be able to disable it by modifying your startup scripts to ignore rc.local (perhaps you could put a replacement in a non-standard location if you need the functionality).
In this article it shows a few ways to check. Apparently they did a poor job of covering their tracks and ps will show you a kernel thread of get_http_inj_fr.
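The offline check suggested in the comments above, sketched as an added example (not code from any commenter or from the article): it scans rc.local on a suspect filesystem mounted read-only from a known-clean system, and compares its hash with a digest recorded earlier on the running suspect machine. The mount point, function names and sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Run from a known-clean system with the suspect filesystem mounted read-only,
# e.g. mount -o ro <suspect-device> /mnt/suspect (device and path are placeholders).
# Reads made through the suspect's own kernel may be filtered, so run nothing there.

# Print numbered module-loading lines in <root>/etc/rc.local.
# Returns 0 if any are found, 1 if none, 2 if the file is missing.
find_module_loads() {
    rc="$1/etc/rc.local"
    [ -f "$rc" ] || return 2
    # Match insmod/modprobe as a command word; drop only whole-line comments
    # so a '#' later on a line cannot hide a command from this check.
    grep -nE '(^|[;&|[:space:]/])(insmod|modprobe)([[:space:]]|$)' "$rc" |
        grep -vE '^[0-9]+:[[:space:]]*#'
}

# Compare the offline SHA-256 of rc.local with a digest recorded on the live
# suspect system ($2). A mismatch means the live read returned different bytes.
live_view_matches() {
    offline=$(sha256sum "$1/etc/rc.local" | cut -d' ' -f1)
    [ "$offline" = "$2" ]
}

# Constructed sample tree standing in for a mounted suspect filesystem.
make_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/etc"
    cat > "$root/etc/rc.local" <<'EOF'
#!/bin/sh
# insmod mentioned only in a comment, must not be reported
touch /var/lock/subsys/local
/sbin/insmod /lib/modules/EXAMPLE/placeholder.ko
exit 0
EOF
    echo "$root"
}

# With a mount point argument, scan it; otherwise scan the constructed sample.
target="${1:-$(make_sample_root)}"
find_module_loads "$target" &&
    echo "module-loading lines present in $target/etc/rc.local"
```

A legitimate rc.local can also load modules, so a hit is a line to review, and a hash mismatch against the live digest is the stronger signal that reads on the running system are being altered.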