Sweet Orange Exploit Kit Offers Customers Higher Infection Rates

The newly emerging Sweet Orange Exploit Kit boasts a 10 to 25 percent infection rate and is promising to drive 150,000 unique visitors per day to the websites of its customers, according to Jeff Doty and Chris Larsen of Blue Coat Security.

If the claims of Sweet Orange’s authors reflect reality, it means that users of the kit can expect to add anywhere between 15,000 and 37,500 machines to their botnet per day.

Sweet Orange has 45 dedicated IP addresses and 267 unique domains, which Doty and Larsen claim is enough to generate the promised 150,000 daily unique views.

The Blue Coat researchers ran a sample of 20 of Sweet Orange’s domains through the scanners at VirusTotal and found that only seven were detected. The IP addresses returned even bleaker results: out of 20 IP addresses, VirusTotal recognized zero.

In terms of infection percentages, traffic generation, and detection rates, Sweet Orange seems pretty troublesome. However, only time will tell if it can compete with the industry-dominating Blackhole Exploit Kit.

Discussion

  • Anonymous on

    Anyone have the list of known IP addresses/domains for this botnet?

  • my online blog on

    That was an amazing story! I read something identical within a modern technology blogging site. Worthy of checking out.
