The developer of ftp-server Vsftpd has let know that on his website a short time a version was that a backdoor contained. It is still unclear how the relevant binary on his website, has come, and those who placed it there.
Vsftpd-developer Chris Evans wrote on his blog that he has a warning had been received that on the Vsftpd site, a tarball was encountered that was not in conformity with the gpg-signature. Upon further investigation, turned out to vsftpd-2.3.4.tar.gz designed for Linux systems, a backdoor to contain. A user who logs in with username ‘:)’ on port 6200, would get access to a shell.
How the manipulated Vsftpd-version on the official website of the ftp daemon ended up, is unclear. The software is provided by the developer, promoted as ‘very safe’. Evans, however, speaks to the suspicion that there is mischief in the game; not only is the backdoor barely concealed, also would the ftp daemon is not active to the outside world to make it known that this is a backdoor. However, Evans decided to take his code to temporarily host it on Appspot.