Can I just point out the following little-known facts:

1) the number of script kiddy attacks is inversely proportionate to their effectiveness.

i.e. - there's thousands of teenage students out there, using P2P software and have probably downloaded a generic script which wants to replicate itself and does so via scanning IPs and trying basic exploits

2) another reason there are lots of attacks are because not everyone understands the benefits of keeping systems up to date regarding security exploit fixes etc

3) the VAST majority of script kiddy attacks are automated, basic, and targeted towards the exploits not patched in #2 above.

4) the VAST majority of exploits are for Windows systems, which make up a VAST majority of internet-connected computers

5) the VAST majority of exploits are done for commercial gain in some shape or form

...

Hence, unless you are convinced that you had a manually initiated attack, onto your IP address, using exploits which were sufficient to compromise your own specific embedded Linux variant, and the operator was skilled enough to be able to install a trojan as a result, and they had something significant to gain from doing so on your NAS box (versus the time they would have had to do so, in a time and motion study sorta thing)......then i'd suggest you can sleep safe in your bed.

FWIW, I have LOTS of devices on the internet, and attempted attacks are a regular occurrence. Granted you can't be 100% sure that someone's not smarter than you are, but on the law of averages and looking at the reasons behind the exploits, you really need to chill about this IMHO.

(besides, the NAS specifically included uPNP in order to configure itself to do this very task on the internet - if you were a product designer, would you do this as standard if you weren't very confident about it's security?)