I was about to start looking at creating an analysis to detect this, but from what I can see, it looks like I am going to have to create a fixlet to execute and then retrieve the contents. This link has information on the detection:
I see that in the doc it suggests the following two items that I could check for.
1. grep -r open_tty /usr/local/apache/
2. chattr -ai /usr/local/apache/bin/httpd
The first one is not an issue, but I cannot seem to find a method to get the second.
There is also a python script that can be executed (can be found at: http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/), but i was trying to avoid running scripts.