2.3.4 of vsftpd’s source code was compromised and a backdoor added to the code. The bad tarball included a backdoor in the code which would respond to a user logging in with a user name “:)” by listening on port 6200 for a connection and launching a shell when someone connects. This backdoor was present in the 2ftpd-2.3.4.tar.gz archive sometime before July 3rd 2011. Read more here about how to exploit the backdoor.
Source: https://thehackernews.com/2011/07/video-demonstration-vsftpd-backdoor.html