Chris Evans, aka Scary Beasts, has confirmed that version 2.3.4 of vsftpd's downloadable source code was compromised and a backdoor added to the code. Evans, the author of vsftpd
The bad tarball included a backdoor in the code which would respond to a user logging in with a user name ":)" by listening on port 6200 for a connection and launching a shell when someone connects.

The link for this article located at H Security is no longer available.