The FTP server in the Sasser worm family has an apparent buffer overflow vulnerability. A small program has appeared on the InterNet that exploits this vulnerabilty and opens a remote shell on TCP port 530 (by default).
The idea behind the exploit is unknown considering that computers infected with the Sasser worm are most likely vulnerable to MS04-011 already. On the other hand exploiting a vulnerabily in a virus is quite unusual.