Will the Sweet Orange exploit kit dethrone Blackhole?
Posted on 20 December 2012.
There's a new exploit kit being offered for sale and it seems to be slowly but surely gaining in popularity.

Dubbed Sweet Orange, the kit uses exploits for Java, PDF, IE and Firefox vulnerabilities, and is regularly updated.


The kit's sellers claim that it has a high infection rate, as supposedly 10 to 25 percent of the users that visit pages hosting it will get compromised, but according to BlueCoat researchers, users of underground forums say that the top number reaches only 15 percent.

Still, the sellers apparently guarantee that 150,000 unique visitors will visit the buyers' site daily, which means that, in theory, at least 10,000 machines could be infected every day.

As the kit is currently hosted on 45 different IP addresses / 267 different domains, the aforementioned claims of 150,000 unique visitors sounds realistic.

And unfortunately for potential victims, a variety of online virus scanners does not detect the IP addresses and domains used by the kit as malicious.

"Only 7 of the 20 domains were caught by any of the vendors on VirusTotal: three by one vendor, and four by another, or an average of 0.35 hits per domain," BlueCoat's Chris Larsen pointed out. "It got worse when I checked the IP addresses. There were zero hits on any of the 20."






Spotlight

Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Wed, Jul 29th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //