13. June 2010 · HoneyBot – Automated IRC Social Engineering

IRC-Junkie is reporting that researchers at TU Wien (Vienna University of Technology, Austria) have developed a program that performs a “man-in-the-middle” attack between IRC users, getting them to click on malicious links at a 76% click rate. Rather than impersonating a user and carrying one side of the conversation, the program sits between two users, changes their words and inserts malicious links.

The so-called “HoneyBot” is capable of influencing the ongoing conversation by “dropping, inserting, or modifying messages” and the researchers assert that “if links (or questions) are inserted into such a conversation, they will seem to originate from a human user” and therefore the click-probability will be “higher than in artificial conversation approaches”.

It seems to me that the high click rate is due to the lack of knowledge that such an attack is even possible and therefore people are not in the least bit suspicious. If HoneyBots become more prevalent, people will be more on guard.

In any case, approach each link cautiously – hover over the link and inspect the URL that is displayed at the bottom of the browser. If you cannot determine exactly where the URL is going to take you, don’t click on it.
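
The link check described above, as an added example that is not part of the original post: it pulls URLs out of a chat message and reports the host the browser would actually contact, plus the reasons a reader could misjudge it by eye. The shortener list, the reason labels and the sample messages are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Illustrative shortener hosts only (assumption, not an exhaustive list).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s<>]+", re.IGNORECASE)


def inspect_url(url):
    """Return (effective_host, reasons); reasons say why the real
    destination is hard to determine from the displayed URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    # "http://trusted.example@other.example/": text before '@' is not the host.
    if parts.username is not None:
        reasons.append("userinfo-before-host")
    try:
        ipaddress.ip_address(host)
        reasons.append("ip-literal-host")  # no name to recognise at all
    except ValueError:
        pass
    # Internationalised names can imitate familiar ones.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-label")
    if not host.isascii():
        reasons.append("non-ascii-host")
    if host in SHORTENERS:
        reasons.append("shortener-hides-destination")
    return host, reasons


def review_message(text):
    """Inspect every URL in one chat message; returns (url, host, reasons)."""
    found = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop sentence punctuation glued to the URL
        found.append((url,) + inspect_url(url))
    return found


if __name__ == "__main__":
    # Constructed sample messages, not taken from the research.
    samples = [
        "lol look at this http://www.bank.example@203.0.113.7/login",
        "photos are up at https://bit.ly/abc123.",
        "docs: https://example.org/page",
    ]
    for line in samples:
        for url, host, reasons in review_message(line):
            print(f"{url} -> host={host} flags={reasons or 'none'}")
```

An empty flag list only means the host is readable as written; it says nothing about whether that host is trustworthy.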

Another thought: how long before we see this type of attack in the wild on Facebook?