Looks like it's time to break out that new TrendNet router (TEW-652BRP) I purchased three years ago via a Newegg promo & still factory wrapped. The original one of the same model that I was using was running so good, I decided to get another. It'll hold me over until I can get a good non-Linksys brand (they did manufacture Cisco routers, so keep that in mind). I swapped because a Linksys WRT-160N was given to me for installing their new, and it had better range, but no faster speeds, than the TEW-652-BRP.
Used that TEW-652-BRP for over three years with no troubles. other than range in the corner of the yard where the picnic table is.
Note that while Linksys is now owned by Belkin, Cisco owned it between March 2003-March 2013, marketing under the name Linksys by Cisco, and many of these routers are still in the distribution chain, so we're speaking of tens, if not hundreds of millions of routers, still on the shelves. This includes their most popular ever WRT54G, still distributed as new on the Newegg site, though there were a few revisions of the model (one was buggy), that model alone has received many awards for being a top router, and many are still in use today. Though some were flashed to DD-WRT, Tomato, or another Linux firmware, which was out of the box configuration. These units rarely required a reboot & could be placed most anywhere & forget about it & chances are, no other single model of any brand will top the WRT54G in sales.
The first version of the WRT54G was prior to the Cisco buyout & unless the firmware was upgraded with theirs, the users of those are in the clear. I mention this because these routers were built for the long run, it wouldn't be surprising to discover some are still in use.
And chances are, though owned by Belkin, it'll take some time to move all of the units manufactured under Cisco's ownership. I was really surprised to go onto their site & see some of these units on promo for $299.99. If this threat becomes widespread, all of these unsold routers will have to be unboxed, re-flashed with a custom firmware, repackaged, and sold at deep discounts on sites such as Newegg & Amazon. Many may have to be crushed/recycled, because this news cannot & will not be kept a secret under the rug, it will be covered in the national & local news.
It also could be that many of the units in use can be flashed with DD-WRT firmware to avoid the BlackEnergy Crimeware threat, though it's best to check for one's specific model. Flashing a router, just as a computer's BIOS, isn't a risk-free deal, meaning it can lead to "bricking" of the router. That's why it's not recommended to flash the BIOS (or UEFI) of a computer, unless the documentation applies to that user. Meaning if there are no problems, don't flash anything. I skipped two UEFI flashes on my XPS 8700, though performed the 3rd because it had to do with SATA performance with unspecified brands of SSD's.
I've never flashed a router in my life, as low cost as they are, just didn't see the need to, or they were too old to benefit.
Being this is a huge security issue that can affect hundreds of millions (if not more) Linksys by Cisco routers, it's time to begin discussing the alternatives, rather than waiting for the BlackEnergy threat to strike. It would be a massive undertaking for all tech forums combined to deal with decryption or infection on a user by user basis, if this becomes the next "Crypto" type of attack wave.
Reflash or buy another brand? For many, that may boil down to economics, many very high speed (& costly) dual band "N" & "AC" routers are in wide use, as well as older ones, regardless, this cannot be ignored.
Dam hackers! they should try getting real jobs.
Why should they? On a moral level, that's correct, but thieves sets their own rules, and lives by those. There's big bucks in data theft, and the icing on the cake is that no weapons has to be pulled, as in risky bank robberies that are on the decline. While at the same time, cyber crime is booming. This includes Point of Sale (POS) attacks.
As far as running a Linux OS goes, the OS itself is very secure. However, just as any OS, the router is the medium for the transfer of data, and if that becomes infected or hacked, all incoming/outgoing of data from any OS is in danger.
Discussion of alternatives or solutions cannot wait until "tomorrow" or "next week". The time for preventative action is now.
EDIT: All information provided on the history of Linksys & Cisco above came from the below source.
Edited by cat1092, 17 November 2014 - 12:21 AM.