Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: MysteryFCM on February 28, 2008, 11:36:38 pm

Title: vURL Desktop Edition
Post by: MysteryFCM on February 28, 2008, 11:36:38 pm
Meant to post this when I posted about hpObserver but completely forgot about it ....

What is vURL Desktop Edition?

vURL Desktop Edition (vURL DE) is the desktop version of the extremely popular vURL service that we've been running for quite some time now.

This application has been developed solely to provide those that like our service, an alternate method of doing such. This edition also helps to save on my own server costs as it is entirely standalone*, requiring only your own internet connection.

vURL Desktop Edition currently allows you to get and save the source code of any website you fancy with the click of a button, and additionally, see a list of files it currently links to.

As with the online version of the vURL service, this application is and will remain, completely free for both personal and business use.

Current version: 0.2.6 (released a few mins ago)

Changes in this release:

Added: Server IP PTR
Added: Check MDL status (malwaredomainlist.com)

Modified: hpHosts status now shown in main source window aswell

Fixed: Corrected minor issue with Owner info not showing if using MS XML method

Misc: Other minor modifications

System Requirements

Windows 98 or above
64MB Ram
Internet connection
VB6 Runtime files (SP5 recommended)

Additional file's are also required, but should be already present on most systems. If not, these can be found in the Dependancies package on the programs download page.

Download:
http://support.it-mate.co.uk/?mode=Products&act=DL&p=vurldesktopedition

Support:
http://forum.hosts-file.net/viewforum.php?f=32
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on March 05, 2008, 12:13:38 am
Version: 0.2.7

Changes:

Fixed: Minor issue when extracting links from meta refresh tag

Misc: Other minor modifications
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on March 09, 2008, 06:55:37 pm
Version: 0.2.8

changes:

Added: Save source to file, including list of links

Fixed: IP not detected when dissecting FTP link containing @ symbol (see notes)
Fixed: Double seperator on right click when not selecting link in source window
Fixed: WhoIs info not displayed when dissecting IP instead of hostname

Modified: Updated ReadMe (Release Notes > General Information)

Misc: Other minor modifications

Quote
Notes:

Previously when dissecting FTP links, the IP was not extracted if the link contained the @ symbol, as is now commonly used by phishers.

To see an example of this, please see the two following links. The first is an example e-mail I received for an eBay phishing scam, and the second, the vURL DE results for the FTP link.

http://it-mate.co.uk/temp/213_197_11_180_-_eBay_Phish-Email.txt
http://it-mate.co.uk/temp/213_197_11_180_-_eBay_Phish-vURLDE_Results.txt
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on March 13, 2008, 10:33:03 pm
Just a note that the online version of this has been completely re-written, and now has a new home :)

http://vurl.mysteryfcm.co.uk/
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on March 25, 2008, 06:56:02 am
Version: 0.2.9

Added: Colour coding based on hpHosts classification (see notes)
Added: hpHosts classification now shown if listed
Added: PhishTank integration
Added: Clear All option to context menu (requested)

Fixed: Minor error with JS escaping when string contains line break or tabs

Misc: Other minor modifications

Quote
Notes:

I've modified the hpHosts query to bring it inline with the new hpHosts query that I wrote for vURL Online. This now also includes a new colour coding, based on classification;

1. Not yet classified = orange
2. ATS or GRM = Yellow
3. All others (EMD, FSA, EXP etc) = red


Download:
http://support.it-mate.co.uk/?mode=Products&act=DL&p=vurldesktopedition
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on March 29, 2008, 01:53:16 am
Ooooh, didn't realise this had been stickified ........ cheers guys :)
Title: Re: vURL Desktop Edition
Post by: Evilcry on July 19, 2008, 12:44:53 pm
Hello,

I've noticed some problem with the last version of vURL, when I launch a dissection
vURL sais that there is "no internet connection", but that obviously is not true :)

I'm connected to a router with a lan cable

Regards,
Evilcry
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on July 19, 2008, 01:17:59 pm
Are you using 0.2.9, or this one?

http://forum.hosts-file.net/viewtopic.php?f=43&t=600
Title: Re: vURL Desktop Edition
Post by: Evilcry on July 19, 2008, 02:44:14 pm
Its vURL Desktop Edition v0.2.9  :)

Title: Re: vURL Desktop Edition
Post by: MysteryFCM on July 19, 2008, 02:51:52 pm
hehe can you try 0.3.0 and lemme know if the problem persists? (they've worked fine on my home network, along with a couple others, so am rather baffled as to why it's failed on yours).
Title: Re: vURL Desktop Edition
Post by: Evilcry on July 19, 2008, 04:48:06 pm
Hello,

Also 0.3.0 fails, but I think I've understood why that happens :)

in this computer I use a Lan-> Modem/Router connection but persists also a dial-up connection
builded with Internet Explorer.

Some programs as mirc, skype when are launched opens the Dial-Up Windows,
I think vURL "sees" that exist this connection but is disabled and "thinks" that there is
no connection :)

This evening I'll remove that Dial-Up and if I'm correct, vURL should automatically
switch to the correct eth ;)

I'll write here the results, so if someone have the same problem, knows why..

Regards,
Evilcry
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on July 19, 2008, 04:54:53 pm
If that does fix it, I'll modify the routine to allow for such :)

Cheers for letting me know :)
Title: Re: vURL Desktop Edition
Post by: Evilcry on July 20, 2008, 04:58:54 am
Hello,

My supposition was correct, when I deleted from IE, to be sure that all Registry Key Entries will be
cleared, vURL 0.2.9 and 0.3.0 started correctly and accepts Dissection requests ;)

vURL seems to resolve correctly the URL, indeed I can see the Server IP correctly solved,
but for every URL that I tried it sais that the server failed to return any actual content
but returned an OK (200) status code
and obviously does not lists images or resolves owner
infos.

If I click into the TextBox that contains all informations (Server IP etc) surely happens an Exception because appears a MessageBox with the message Run-Time:error 429 - ActiveX component can't
create object
and vURL is closed.

If you need other infos tell me freely ;)

Regards,
Evilcry



Title: Re: vURL Desktop Edition
Post by: MysteryFCM on July 20, 2008, 07:09:03 am
The only AX used is MSXML, but this should display a non critical error telling you MSXML is missing;

http://www.microsoft.com/downloads/details.aspx?FamilyID=993c0bcf-3bcf-4009-be21-27e85e1857b1&displaylang=en

Even without this, it should work using the URLDownloadToFile method ... which method is showing in the caption bar?
Title: Re: vURL Desktop Edition
Post by: Evilcry on July 20, 2008, 01:34:14 pm
The used method is indeed URLDownloadToFile, I've already installed MSXML,
seems that only in certain cases it crashes now, I'll analyze deeply that thing..

Regards
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on July 20, 2008, 03:31:47 pm
Lemme know what you find, and cheers :)
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on July 23, 2008, 01:16:20 am
Sorry for taking so long ...... I've finally gotten round to looking further into this and think I've figured out what was causing you to receive the "Run-Time:error 429 - ActiveX component can't create object" message.

When clicking the mouse on the info box, the program determines whether or not CDO is available (for the Send to recipient menu option).

Can you try this one please?
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on July 23, 2008, 02:03:28 am
I've just released a newer bug fix version that hopefully fixes both yours, and Jeans bugs :)

http://forum.hosts-file.net/viewtopic.php?f=43&t=625
Title: Re: vURL Desktop Edition
Post by: Evilcry on July 24, 2008, 05:19:32 am
Hello,

I was out for work, I'll try the fixed version and inform you about its works :)

Thank you for your efforts ;)

Regards,
Evilcry
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on July 24, 2008, 04:00:31 pm
Nice one, cheers :)
Title: Re: vURL Desktop Edition
Post by: Evilcry on July 25, 2008, 08:16:57 am
Great Job!
Seems that all works fine ;)

Regards,
Evilcry
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on July 25, 2008, 09:09:45 am
Much appreciated, cheers :)
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on July 29, 2008, 02:56:50 am
The online version has now finally been updated ....

I've finally gotten round to re-writing the link extraction routine for vURL Online, so you will now also see a list of links contained within the source code of the site you are dissecting.

On top of this, it will also tell you;

1. How many links there are
2. How many iFrames there are
3. How many scripts there are

http://vurl.mysteryfcm.co.uk/
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on July 30, 2008, 06:21:20 am
Changes:

Added: Connect via proxy
Added: Prompt when iFrames found (previously only highlighted them)

Modified: Re-written malicious link detection routine

Fixed: Minor bug with prompts (scripts etc being found) not being displayed

Notes:

The "Connect via proxy" option was added for those on ISP's such as Cox, that block known malicious domains, but still need access to them.

Download:
http://support.it-mate.co.uk/?mode=Products&act=DL&p=vurldesktopedition
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on August 04, 2008, 11:46:32 pm
Well, I've done a few more updates to the vURL Online site.

First and foremost, I've finally gotten round to updating the FAQ. Let me know if I've missed anything :)

Secondly, I've made a change to the results page. I'm gonna let you guys figure out what the change is ..... and as a hint, query a URL that uses load balancing (e.g. Google's homepage ;)).
Title: Re: vURL Desktop Edition
Post by: sowhat-x on August 05, 2008, 12:41:59 am
Thank you sir!  ;D
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on August 05, 2008, 01:15:33 am
hehe cheers :)

I've just finished implementing the update into hpHosts aswell :)

http://hosts-file.net/?s=microsoft.com
http://hosts-file.net/?s=google.co.uk
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on August 08, 2008, 05:39:05 am
v0.3.3

Changes:

Added: Detect all IP's that a hostname resolves to (including rDNS for those IP's)

Modified: Source button now enabled when clicking to view application log before dissecting site
Modified: Redesigned settings dialog
Modified: Various other modifications

There's also a new change on the Links tab, but I'll let you guys see if you can tell what it is ;)

http://support.it-mate.co.uk/?mode=Products&act=DL&p=vurldesktopedition
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on August 19, 2008, 12:26:41 am
I've just done a couple more updates to hpHosts Online;

1. If no MX records are found for the hostname, it will do an MX lookup for the IP instead

2. WhoIs and Net-block are now no longer displayed by default, to help with loading times. Instead, a linky is displayed to view the information.

3. Previously, when no matches were found in the database for the additional IP(s), you would see "(0)", but not the actual IP - now you'll see the IP aswell :oops:

Example:
http://hosts-file.net/?s=google.com
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on September 16, 2008, 09:28:48 pm
Knew I'd forgotten something heh ..... I've made a few more modifications to vURL Online, and am almost finished a new update to the desktop edition.

http://hphosts.blogspot.com/2008/09/more-vurl-online-updates.html
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on September 16, 2008, 10:22:29 pm
Version: 0.3.5

Changes:

Added: Server selection (see notes)

Modified: Various other modifications
Modified: Updated EULA (End User Licence Agreement)

Notes:

In accordance with the recent changes to vURL Online, I've added an option to use one of the mirrors that have been made available courtesy of my friends at;

TeMerc Internet Countermeasures - www.temerc.com
MalwareTeks - www.malwareteks.com
MontanaMenagerie - www.montanamenagerie.org

Ref:
http://forum.hosts-file.net/viewtopic.php?f=42&t=725

You can select the server, and of course, tell vURL DE to use that server, via the settings (in the Connection options).

Download:
http://support.it-mate.co.uk/?mode=Products&act=DL&p=vurldesktopedition
Title: Re: vURL Desktop Edition
Post by: JohnC on September 16, 2008, 10:51:21 pm
Keep up the good work :)
Title: Re: vURL Desktop Edition
Post by: MysteryFCM on September 16, 2008, 11:03:02 pm
hehe cheers :)

vURL DE, vURL Online and hpHosts Online, amongst others, are all actually in dire need of re-writing ....... I just have a major lack of time for doing it :(