This was also reported on the UK Register
http://www.theregister.co.uk/2010/12...pd_backdoored/
Here is a quote from the article:
John Morrissey, a member of the ProFTPD core team, said in an email sent Thursday afternoon that members "currently believe the vulnerability used to gain access to ftp.proftpd.org was previously announced and fixed in ProFTPD, but was unpatched on the system in question."