From Ars Technica (and other sources), new malware from Russia has been found on an estimated 500K American devices.
The FBI issued the following statement on what to do to protect yourself:
Note that this is not a permanent fix. The malware is not completely removed if your device is infected. It will attempt to reinstall. This is a stopgap intended to buy the government and security experts time to fix this.
Yes, any consumer router made by the manufacturers listed (just easier to reboot at this point).
I would need to do some more digging into technical bulletins to understand exactly how infected machines are detected on networks, but I am happy to do so if you would like. Cisco issued a warning earlier last week identifying the issue, so there are indicators. (ETA - it could stop working, according to the alert. That is one of the risks.)
The best way to interpret where we are now is that they need more time to understand this, and rebooting all routers removes the most dangerous parts of the virus from infected routers. It will leave some parts on your router, however, if you are infected. Longer term, the fix is that router manufacturers, the government, and security companies will work together to provide firmware patches. You’ll need to upgrade your firmware when those are available. This is the solution. Replacing the router won’t remove the vulnerability unless it has the new firmware.