Will the Sweet Orange exploit kit dethrone Blackhole?
Posted on 20 December 2012.
There's a new exploit kit being offered for sale and it seems to be slowly but surely gaining in popularity.

Dubbed Sweet Orange, the kit uses exploits for Java, PDF, IE and Firefox vulnerabilities, and is regularly updated.


The kit's sellers claim that it has a high infection rate, as supposedly 10 to 25 percent of the users that visit pages hosting it will get compromised, but according to BlueCoat researchers, users of underground forums say that the top number reaches only 15 percent.

Still, the sellers apparently guarantee that 150,000 unique visitors will visit the buyers' site daily, which means that, in theory, at least 10,000 machines could be infected every day.

As the kit is currently hosted on 45 different IP addresses / 267 different domains, the aforementioned claims of 150,000 unique visitors sounds realistic.

And unfortunately for potential victims, a variety of online virus scanners does not detect the IP addresses and domains used by the kit as malicious.

"Only 7 of the 20 domains were caught by any of the vendors on VirusTotal: three by one vendor, and four by another, or an average of 0.35 hits per domain," BlueCoat's Chris Larsen pointed out. "It got worse when I checked the IP addresses. There were zero hits on any of the 20."






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //