In July 2011, the source code for vsftpd 2.3.4 was briefly replaced with a version containing a malicious backdoor. This wasn't an accidental bug; it was an intentional injection that allowed attackers to gain root access with a simple string. How It Works