Will the Sweet Orange exploit kit dethrone Blackhole?
Posted on 20 December 2012.
There's a new exploit kit being offered for sale and it seems to be slowly but surely gaining in popularity.

Dubbed Sweet Orange, the kit uses exploits for Java, PDF, IE and Firefox vulnerabilities, and is regularly updated.

The kit's sellers claim that it has a high infection rate, as supposedly 10 to 25 percent of the users that visit pages hosting it will get compromised, but according to BlueCoat researchers, users of underground forums say that the top number reaches only 15 percent.

Still, the sellers apparently guarantee that 150,000 unique visitors will visit the buyers' site daily, which means that, in theory, at least 10,000 machines could be infected every day.

As the kit is currently hosted on 45 different IP addresses / 267 different domains, the aforementioned claims of 150,000 unique visitors sounds realistic.

And unfortunately for potential victims, a variety of online virus scanners does not detect the IP addresses and domains used by the kit as malicious.

"Only 7 of the 20 domains were caught by any of the vendors on VirusTotal: three by one vendor, and four by another, or an average of 0.35 hits per domain," BlueCoat's Chris Larsen pointed out. "It got worse when I checked the IP addresses. There were zero hits on any of the 20."


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th