According to an article on TechHive, a security firm has seen evidence of cable company DVRs here in the U.S. being compromised and used to distribute spam and/or badware.
This is interesting, because the security burden for network appliances like DVRs must, by design, be borne by the manufacturers and service providers. I mean, what are you going to do if your DVR becomes infected? Press the pause button? No, you're going to call your cable company and expect them to fix it. I sure hope the customer service representative has a script for that problem!
Prevention, too, falls more heavily on the device manufacturers. After all, you can't install anti-virus software on your TiVo. Computer and smartphone vendors have historically assigned responsibility for badware prevention to the device owner/user. How will vendors respond when users start calling for warranty service because their network-enabled Blu-Ray players have security vulnerabilities?
It's too soon to tell whether DVR malware is a one-off event or the start of a trend. Either way, it raises some very interesting questions for the consumer electronics market.