top | item 13055323

yoo1I | 9 years ago

It's not quite that simple. The sample of 900000 customers includes some knowledgeable people, and the attack/outage has been going on for long enough to investigate a little bit.

If what they write is to be believed, and many people have posted evidence, this is a Mirai-style attack on people's home routers via a hole in the TR-069 remote management protocol.

The malware then closed off the management port, locking out the Telekom ISP from performing remote maintenance to fix it. Their advice to "shut off" the devices seems to be based on the fact that at least some variants of Mirai do not persist to the device and only exist in memory.
