Will the Sweet Orange exploit kit dethrone Blackhole?
Posted on 20 December 2012.
There's a new exploit kit being offered for sale and it seems to be slowly but surely gaining in popularity.

Dubbed Sweet Orange, the kit uses exploits for Java, PDF, IE and Firefox vulnerabilities, and is regularly updated.


The kit's sellers claim that it has a high infection rate, as supposedly 10 to 25 percent of the users that visit pages hosting it will get compromised, but according to BlueCoat researchers, users of underground forums say that the top number reaches only 15 percent.

Still, the sellers apparently guarantee that 150,000 unique visitors will visit the buyers' site daily, which means that, in theory, at least 10,000 machines could be infected every day.

As the kit is currently hosted on 45 different IP addresses / 267 different domains, the aforementioned claims of 150,000 unique visitors sounds realistic.

And unfortunately for potential victims, a variety of online virus scanners does not detect the IP addresses and domains used by the kit as malicious.

"Only 7 of the 20 domains were caught by any of the vendors on VirusTotal: three by one vendor, and four by another, or an average of 0.35 hits per domain," BlueCoat's Chris Larsen pointed out. "It got worse when I checked the IP addresses. There were zero hits on any of the 20."






Spotlight

Internet Explorer vulnerabilities increase 100%

Posted on 23 July 2014.  |  Bromium Labs research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //