The psyb0t worm appears to be in circulation since the start of the year and targets routers running Mipsel, a form of the Debian Linux distribution designed for MIPS processors.
The worm is believed to be the first of its kind and the researchers at DroneBL estimate it may have infiltrated as many as 100,000 routers.
The worm uses a brute force attack against the router by dictionary checking the username and passwords. This shows the exploitation is not an attack on the flaw in the operating system itself but against poor user security.
"90 per cent of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots," said the DroneBL blog.
"Any device that meets the above criteria is vulnerable, including those built on custom firmware such as OpenWRT and DD-WRT. If the above criteria is not met, then the device is NOT vulnerable."
Once installed psyb0t allows remote control of the router and infected hardware has already been used to take part in botnet attacks. It also uses deep packet inspection to try and harvest usernames and passwords for other sites.