There are a few "solutions" noted in the linked article:
https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633
1. Make sure remote admin is turned OFF on the router. This should prevent the attack from working, as it connects on the remote admin port of 8080.
2. I think this is genius in its simplicity (it was suggested by one of the comment folks pktman):
Originally Posted By: pktman
I have found that on most of these SOHO routers with HNAP, that disabling remote administration doesn't disable the router from answering HNAP1 requests on the WAN side. Have sent more than a few emails to a few manufactures who replied that devices where functioning "as designed".
I don't like anything like that allowing attackers to probe my systems for information or potentially compromise them. In the absence of anyway to disable this in firmware the only reliable way I have found is to enable port forwarding and forward the traffic into the abyss. To make this safe you need to setup DHCP on your LAN side to not allocate certain addresses. Then port forward the incoming port 80/443 traffic to an ip that isn't assigned to anything.
For example if your routers internal LAN IP is 192.168.1.1, setup DHCP to allocate only 192.168.1.5-192.168.1.250. Then set up port forwarding rules so that incoming traffic to port TCP port 80 and TCP port 443 on the WAN side of your router gets forwarded to 192.168.1.2.
Its not pretty, its not ideal. But on the devices i have tried, it has at least made port 80/443 go dark to the WAN as the SYN's just go into nothingness.
Note that responding to the HNAP1 requests doesn't by itself denote a vulnerability. But it is indeed the router responding to a request for information, vulnerable or not. His solution above prevents this (the response to the HNAP1 requests), essentially blackholing these requests for information.