http://dronebl.org/blog/8
* uses multiple strategies for exploitation, including bruteforce username and password combinations
* any linux mipsel routing device that has the router administration interface or sshd or telnetd in a DMZ, which has weak username/passwords (including openwrt/dd-wrt devices).
* possibly others
We are definitely vulnerable to bruteforce username and password combinations and SSH is on by default.
Disable SSHD if you do not use it or
http://bonomo.info/coyote/public-key-encryption.php and harden it as in the section "Tighter Control in BrazilFW".
I'm in the process of testing this worm now.
It would appear that the worm does not execute its first step of uncompressing itself to root and then executing the uncompressed program, so we are safe, but not from the bruteforce attack. Once bruteforce breaks the password, they have root.