YES Exploit System 2.0 checks if a site is already listed at MDL

[SysAdMini]

http://translate.google.com/translate?prev=hp&hl=en&js=y&u=http%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26source%3Dweb%26ct%3Dres%26cd%3D5%26url%3Dhttp%253A%252F%252Fwww.hack-info.ru%252Fshowthread.php%253Fp%253D310457%26ei%3DpNeeSprWB4b6_AaE-N39Cw%26usg%3DAFQjCNEUo9EV4haXWSPZ4cKBrjhzWIii1w&sl=ru&tl=en&history_state0=

Verification: авточек Malware Domain List for the presence of your "white" IP-address \ Domain, Malware-sheets. Если ваш IP-адрес\Домен обнаруживается в списке, вам выводится соответствующее уведомление. If your IP-address \ domain is found in the list, you are notified.

[CkreM]

amazing...
 

[RS-232]

...why amazing?It's a 100% retard idea,seems to me they've probably ran out of 0-day exploits,in order to sell out their newer packs...
There are at least 10 extra lists they could make use of...and in all cases,all they would succeed into,would be to become more easily traceable...  

PS: ...maybe next time they should use Google's Safe Browsing api,lmao...  

[CkreM]

its not a retard idea at all.

if its on MDL then they know its public and might get shut down very soon
so they switch everything...

[RS-232]

...sorry if I sounded harsh in my comment above - that wasn't my goal...  
No matter if the data from the various blacklists is partially available to public,
they certainly will still find their way without any delay to ISPs,security companies,
browser developers and the appropriate legal entities of course...  
Thereby the chances they get shut down (or at least blocked by various products),
are more or less the same,no matter if except from the various individual researchers,
exploit pack developers can also see part of this data in public view or not,heh...

Publicity obviously plays a very effective role,but that's just only in the final end to say so...
ie. when it comes to specific cases of really 'dirty' players,ie.say like it happened with Zlkon.lv or Atrivo,
but even such,most of the data was already known to the security community,one way or another...

PS: In short,I believe that exploit pack developers really over-estimate MDL's publishing of domains,
especially since various blocklists already existed way before,although in a quite different way....
Meaning,even if MDL was turned "invisible" for the wide public,they would still get the same effects,
they can be rest assured for that...you simply cannot make "fud" a domain...    

[SysAdMini]

Now Malwareurl.com has been added too.

http://translate.google.com/translate?hl=en&sl=ru&tl=en&u=http%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26source%3Dweb%26ct%3Dres%26cd%3D7%26url%3Dhttp%253A%252F%252Fforum.blackhack.ru%252Fshowthread.php%253Fp%253D29411%26ei%3DXEKzSpulNYmF_AbT67zODQ%26usg%3DAFQjCNHymBXwt__DMvA_c6plA9QA2iZfOw

An update to version 2.0.2
Что нового: What's new:
1. 1. Добавлен авточек домена на McAfee TrustedSource; Added авточек domain McAfee TrustedSource;
2. 2. Добавлен авточек домена на MalwareURL; Added авточек domain MalwareURL;
3. 3. Добавлена чистка BDS от 16 Сентября; Added cleaning BDS from 16 September;
4. 4. Добавлен альтернативный редирект-линк; Added alternative redirection-link;
5. 5. Добавлен новый эксплоит; Added a new exploit;
6. 6. Изменен 1 эксплоит, теперь служит для "доработки" загрузок; Changed 1 exploit now serves to "finalize" downloads;
7. 7. Доработан ms09-002; Finalized ms09-002;
8. 8. Почищен(Заменен на новый) подгрузчик PDF(Чистка от 16 Сентября); Cleaned (replace with new) podgruzchik PDF (Shoe of 16 September);
9. 9. Оптимизированна выдача; Optimized delivery;
10.Добавлена доп. 10.Dobavlena add. обфускация шеллкода; shellcode obfuscation;
11.Багфикс для YES Stats Viewer. 11.Bagfiks for YES Stats Viewer.

[.rt]

Google's Safe Browsing added too.
Screen:

[SysAdMini]

Dear YES exploit kit programmers,

I think you have misunderstood how to query our list.
Why do you query a domain but send an IP as a parameter ?
Why do you send a domain name when you query an ip address ?

It doesn't work this way:

Code: [Select]

210.51.10.189 - - [20/Sep/2009:11:54:42 -0400] "GET /mdl.php?search=morde.su&colsearch=IP&quantity=50 HTTP/1.0" 200 5648 "-" "-"
210.51.10.189 - - [20/Sep/2009:11:56:51 -0400] "GET /mdl.php?search=morde.su&colsearch=IP&quantity=50 HTTP/1.0" 200 5648 "-" "-"
210.51.10.189 - - [20/Sep/2009:11:58:21 -0400] "GET /mdl.php?search=morde.su&colsearch=IP&quantity=50 HTTP/1.0" 200 5648 "-" "-"


Code: [Select]

210.51.10.189 - - [20/Sep/2009:11:50:02 -0400] "GET /mdl.php?search=210.51.10.184&colsearch=Domain&quantity=50 HTTP/1.0" 200 5837 "-" "-"
210.51.10.189 - - [20/Sep/2009:11:51:57 -0400] "GET /mdl.php?search=210.51.10.184&colsearch=Domain&quantity=50 HTTP/1.0" 200 5837 "-" "-"
210.51.10.189 - - [20/Sep/2009:11:52:46 -0400] "GET /mdl.php?search=210.51.10.184&colsearch=Domain&quantity=50 HTTP/1.0" 200 5837 "-" "-"
210.51.10.189 - - [20/Sep/2009:11:53:41 -0400] "GET /mdl.php?search=210.51.10.184&colsearch=Domain&quantity=50 HTTP/1.0" 200 5837 "-" "-"


This way it will work.

http://www.malwaredomainlist.com/mdl.php?search=morde.su&colsearch=Domain&quantity=50

http://www.malwaredomainlist.com/mdl.php?search=210.51.10.184&colsearch=IP&quantity=50


Hope it helps

[cleanmx]

cooooooooooooooooooooooooooolllllllllllllllllllllllllllllll

rofl.....

[.rt]

SysAdMini, уёбок
Now i make generator, to create "dynamic" query ...
P.S: "[20/Sep/2009:11:54:42 -0400] "GET /mdl.php?search=morde.su&colsearch=IP&quantity=50" , it's beta-version, someone not updated

[SysAdMini]

SysAdMini, уёбок
Now i make generator, to create "dynamic" query ...
P.S: "[20/Sep/2009:11:54:42 -0400] "GET /mdl.php?search=morde.su&colsearch=IP&quantity=50" , it's beta-version, someone not updated

Oh, I'm surprized. I haven't expected an answer.

[.rt]

))))
now system does IP-check ... domains only ...
P.S: thx

[SysAdMini]

))))
now system does IP-check ... domains only ...
P.S: thx

Was todays DDoS your job ? It started immediately after your last posting in the morning.

[.rt]

It's a test ... sorry )
P.S: Привет secureblog.info

[Serg]

LOL!