Thanks to a small bug in ProFTPd 1.2.10 (upon which GS operates) it's possible to determine valid and invalid usernames.
Now, the fix that's out is described as a "band aid" and, being professionals, I doubt the GS admins would be inclined to slap a half-assed patch onto the server.
So, knowing valid usernames, it may be possible to simply brute-force into the FTP using a dictionary list of popular gamer words and phrases and a sequential number inserter.
And given the general ignorance of site-admins like Virtu, it wouldn't take long to get a bite and onto the server even using a relatively slow attempt frequency across the various valid usernames (IE, without sending up red flags).
From there it's just a case of uploading the server info php file that comes with vBulletin and going to the URL with a browser.
This is all based on a glance at the bug info, mind.