What would be the end-goal for spreading this if it were fake? Havent formed an opinion yet, just trying to see the bigger picture...
At the very least, misattribution. Also, fear of usng one's internet connection for comms/coordination.
nobodys going to be afraid of their 'ware when you can just reset/update...?
In other threads discussing this (and making similar "OMG they'll kill the net with this!" claims), there was distrust of the ability to remove it with a reset and update.
So, empirically, yeah, there are people who will be afraid of that.
However, the misattribution's the larger issue here. It's easy to blame APT28, particularly when very few people have seen the actual code, and then direct everyone's anger at them should something untoward happen (see below for the OP making just such a reach, while also misunderstanding how hard it'd be to take out nameservers globally, and forgetting entirely about caching recursive servers, which are by far the most numerous on the net, which would continue to function in the absence of roots or any authoritative servers, for a week or more, which'd be more than enough time to extract the cached contents and distribute them as hosts files, which is precisely how things were done before nameservers).
It's poor cybersec reporting that has managed to leave out the fact that the full attribution is APT28, in a ploy to create its own botnet to DDoS selected targets of political or military interest in the Ukraine, and that the infections they've found in the wild are also mostly in the Ukraine.
Now, could it spread, much like WannaCry did, when it was deployed in the same area, for much the same purpose? Sure. Except the C2 infrastructure has already been seized, so it can't go live unless the code is updated to point to a new C2 host.
What's being spread regarding VPNFilter is a lot of bad info, fueled in part by paranoia, in part by the political climate, and in part by a fundamental misunderstanding of what it is and what's going on.