What also seems suspicious to me is that port 465 which has a shell bound to it (according to chkrootkit), doesn't show up as listening in netstat's output...

Seems like netstat (probably other essential binaries, too) has been tampered with.

Marc

edit: You could of course try telnetting to this machine's port 465 and see if you get a shell or a login prompt or something.