At NetSafe we had this issue raised by a new Orcon customer and there was absolutely no reason for the massive rise in data usage - no sign of malware at all, no sharing of passwords with house guests, good encryption and long passphrase - all the standard consumer security messaging we put out around wireless.
But this would suggest the firmware in the box itself - something the average home user simply plugs in and hopes for the best with - is the issue, leaving ports open that allows DNS resolving to use traffic on their account. Have I absorbed the 2 page thread correctly?
So how do we convey blocking ports and setting up a DMZ to the average home user? Or should the home user only use the modem the ISP delivers and hopefully has tested and secured?