The newly emerging Sweet Orange Exploit Kit boasts a 10 to 25 percent infection rate and is promising to drive 150,000 unique visitors per day to the websites of its customers, according to Jeff Doty and Chris Larsen of Blue Coat Security.
If the claims of Sweet Orange’s authors reflect reality, it means that users of the kit can expect to add anywhere between 15,000 and 37,500 machines to their botnet per day.
Sweet Orange has 45 dedicated IP addresses and 267 unique domains, which Doty and Larsen claim is enough to generate the promised 150,000 daily unique views.
The Blue Coat researchers ran a sample of 20 of Sweet Orange’s domains through the scanners at VirusTotal and found that only seven were detected. The IP addresses returned even bleaker results: out of 20 IP addresses, VirusTotal recognized zero.
In terms of infection percentages, traffic generation, and detections rates, Sweet Orange seems pretty troublesome. However, only time will tell if it can compete with the industry-dominating Blackhole Exploit Kit.