[Xastir] WAY off topic - but you guys are my 'best resource'
KC7ZRU
kc7zru at arrl.net
Sat Aug 30 03:11:47 EDT 2003
I found something disturbing tonight on one of my RH 7.3 boxes. It's set up
as a web server. All ports in are blocked with iptables/netfilter except
for 80.
In the /tmp directory - an executable binary called 'telnetd',
user=apache group=apache. It was not running. I never install telnetd on
anything I set up - ever.
chkrootkit says "OK" for as far as that goes.
Logs 'look' clean - no obvious gaps, plenty of worm noise to create a
background.
I don't recognize anything else as suspicious.
Suggestions? Ideas?