The version of vsftpd that contained the "smiley face" backdoor was vsftpd 2.3.4. This compromised version was available for download between June 30, 2011, and July 3, 2011, and included a backdoor that would open a shell on TCP port 6200 when a user logged in with a username containing the smiley face ":)"
. This backdoor was not a typical security vulnerability but rather a maliciously altered version of the vsftpd 2.3.4 binary uploaded by an unknown attacker to the official download site. When exploited, it allowed remote attackers to execute arbitrary code with root privileges by connecting to the backdoor shell opened on port 6200
. In summary, the "smiley face" backdoor was present specifically in the compromised release of vsftpd version 2.3.4.
