13. June 2010 · Comments Off on HoneyBot – Automated IRC Social Engineering · Categories: Social Engineering · Tags: ,

IRC-Junkie is reporting that researchers at TU Wien (Vienna
University of Technology, Austria) have developed a software program
that performs a "man-in-the-middle" attack between IRC users causing
them to click on malicious links at a 76% click rate. As opposed to
impersonating a user and attempting to perform one side of the
conversation, this program sits between two users and simply makes
changes to the words and inserts malicious links.

The so called "HoneyBot" is capable of influencing the
ongoing conversation by “dropping, inserting, or modifying messages”
and the researchers assert that “if links (or questions) are
inserted into such a conversation, they will seem to originate from a
human user”
and therefore the click-probability will be “higher
than in artificial conversation approaches”.

It seems to me that the high click rate is due to the lack of
knowledge that such an attack is even possible and therefore people are
not in the least bit suspicious. If HoneyBots become more prevalent,
people will be more on guard.

In any case, approach each link cautiously – hover over the link and
inspect the URL that is displayed at the bottom of the browser. If you
cannot determine exactly where the URL is going to take you, don't click
on it.

Another thought, how long before we see this type of attack in the
wild on Facebook?