Malnets: Large-scale malicious networks via compromised wireless access points

Patrick Traynor, Kevin Butler, William Enck, Patrick McDaniel, Kevin Borders

Research output: Contribution to journalArticlepeer-review

13 Scopus citations


Densely populated areas are increasingly filled with vulnerable wireless routers set up by unsophisticated users. In isolation, such routers appear to represent only a minor threat, but in aggregate, the threat can be much greater. We introduce the notion of malnets: networks of adversary-controlled wireless routers targeted to a physical geography. Similar to Internet worms such as Slammer and Code-Red, malnets are created by the recursive compromise of targeted devices. However, unlike their traditionally wired counterparts, malnet worms exploit only other routers that are within their transmission range. The malnet thus creates a parallel wireless infrastructure that is (a) completely under control of the adversary, and (b) spans a targeted physical area, creating a valuable infrastructure for a variety of virtual and physical attacks. We initially study the propagation characteristics of commercial routers and model inter-router connectivity using publicly available war-driving data. The resulting characterization is applied to well-known epidemiological models to explore the success rates and speeds of malnet creation across cities such as New York, Atlanta, and Los Angles. Finally, we use a sampling of available exploits to demonstrate the construction of multi-vector, multi-platform worms capable of targeting wireless routers. Our analysis show that an adversary can potentially deploy a malnet of over 24000 routers in Manhattan in less than 2h. Through this work we show that malnets are not only feasible but can be efficiently deployed.

Original languageEnglish (US)
Pages (from-to)102-113
Number of pages12
JournalSecurity and Communication Networks
Issue number2-3
StatePublished - 2010

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Networks and Communications


Dive into the research topics of 'Malnets: Large-scale malicious networks via compromised wireless access points'. Together they form a unique fingerprint.

Cite this