A quick google on Sweet Orange reveals that it is an exploit kit capable of delivering a wide range of payloads, and is a potent threat to Windows Users... (and I'll leave that right there).
It's one of several exploit kits (Blackhole and Nuclear, just to name two others is a growing field) which cybercriminals now have access to for their various nefarious purposes.
kjpetrie's assessement of this article is spot-on, but there's more out there. Sweet Orange is creating a lot of buzz in security-related web spaces. That it's primary vector involves Apache (the most popular web server on the planet) should come as no surprise. I'm sure the folks at Apache are looking into this with all due diligence and haste.
In reading around on this, I do note a Windows-centric bias that tends to pervade the security blogosphere/journalism space - everyone I've read so far refer to this as a "malicious Linux module" when I doubt they would know a Linux module if it reached up and bit them on their hineys. (What is in
that kool-aid these days?
) Bring your B.S. filter, and set it to "High".
The usual cautions against social engineering are well taken. It only takes a few seconds to make that mistake, a few seconds that could be tempered by sitting on one's hands for a few more seconds while engaging one's brain to really consider what that nice, friendly-looking popup is really asking for, and why...