Malware Domain List
Malware Related => Tools of the trade / Internet News => Topic started by: MysteryFCM on February 28, 2008, 11:36:38 pm
-
Meant to post this when I posted about hpObserver but completely forgot about it ....
What is vURL Desktop Edition?
vURL Desktop Edition (vURL DE) is the desktop version of the extremely popular vURL service that we've been running for quite some time now.
This application has been developed solely to provide those that like our service, an alternate method of doing such. This edition also helps to save on my own server costs as it is entirely standalone*, requiring only your own internet connection.
vURL Desktop Edition currently allows you to get and save the source code of any website you fancy with the click of a button, and additionally, see a list of files it currently links to.
As with the online version of the vURL service, this application is and will remain, completely free for both personal and business use.
Current version: 0.2.6 (released a few mins ago)
Changes in this release:
Added: Server IP PTR
Added: Check MDL status (malwaredomainlist.com)
Modified: hpHosts status now shown in main source window aswell
Fixed: Corrected minor issue with Owner info not showing if using MS XML method
Misc: Other minor modifications
System Requirements
Windows 98 or above
64MB Ram
Internet connection
VB6 Runtime files (SP5 recommended)
Additional file's are also required, but should be already present on most systems. If not, these can be found in the Dependancies package on the programs download page.
Download:
http://support.it-mate.co.uk/?mode=Products&act=DL&p=vurldesktopedition
Support:
http://forum.hosts-file.net/viewforum.php?f=32
-
Version: 0.2.7
Changes:
Fixed: Minor issue when extracting links from meta refresh tag
Misc: Other minor modifications
-
Version: 0.2.8
changes:
Added: Save source to file, including list of links
Fixed: IP not detected when dissecting FTP link containing @ symbol (see notes)
Fixed: Double seperator on right click when not selecting link in source window
Fixed: WhoIs info not displayed when dissecting IP instead of hostname
Modified: Updated ReadMe (Release Notes > General Information)
Misc: Other minor modifications
Notes:
Previously when dissecting FTP links, the IP was not extracted if the link contained the @ symbol, as is now commonly used by phishers.
To see an example of this, please see the two following links. The first is an example e-mail I received for an eBay phishing scam, and the second, the vURL DE results for the FTP link.
http://it-mate.co.uk/temp/213_197_11_180_-_eBay_Phish-Email.txt
http://it-mate.co.uk/temp/213_197_11_180_-_eBay_Phish-vURLDE_Results.txt
-
Just a note that the online version of this has been completely re-written, and now has a new home :)
http://vurl.mysteryfcm.co.uk/
-
Version: 0.2.9
Added: Colour coding based on hpHosts classification (see notes)
Added: hpHosts classification now shown if listed
Added: PhishTank integration
Added: Clear All option to context menu (requested)
Fixed: Minor error with JS escaping when string contains line break or tabs
Misc: Other minor modifications
Notes:
I've modified the hpHosts query to bring it inline with the new hpHosts query that I wrote for vURL Online. This now also includes a new colour coding, based on classification;
1. Not yet classified = orange
2. ATS or GRM = Yellow
3. All others (EMD, FSA, EXP etc) = red
Download:
http://support.it-mate.co.uk/?mode=Products&act=DL&p=vurldesktopedition
-
Ooooh, didn't realise this had been stickified ........ cheers guys :)
-
Hello,
I've noticed some problem with the last version of vURL, when I launch a dissection
vURL sais that there is "no internet connection", but that obviously is not true :)
I'm connected to a router with a lan cable
Regards,
Evilcry
-
Are you using 0.2.9, or this one?
http://forum.hosts-file.net/viewtopic.php?f=43&t=600
-
Its vURL Desktop Edition v0.2.9 :)
-
hehe can you try 0.3.0 and lemme know if the problem persists? (they've worked fine on my home network, along with a couple others, so am rather baffled as to why it's failed on yours).
-
Hello,
Also 0.3.0 fails, but I think I've understood why that happens :)
in this computer I use a Lan-> Modem/Router connection but persists also a dial-up connection
builded with Internet Explorer.
Some programs as mirc, skype when are launched opens the Dial-Up Windows,
I think vURL "sees" that exist this connection but is disabled and "thinks" that there is
no connection :)
This evening I'll remove that Dial-Up and if I'm correct, vURL should automatically
switch to the correct eth ;)
I'll write here the results, so if someone have the same problem, knows why..
Regards,
Evilcry
-
If that does fix it, I'll modify the routine to allow for such :)
Cheers for letting me know :)
-
Hello,
My supposition was correct, when I deleted from IE, to be sure that all Registry Key Entries will be
cleared, vURL 0.2.9 and 0.3.0 started correctly and accepts Dissection requests ;)
vURL seems to resolve correctly the URL, indeed I can see the Server IP correctly solved,
but for every URL that I tried it sais that the server failed to return any actual content
but returned an OK (200) status code and obviously does not lists images or resolves owner
infos.
If I click into the TextBox that contains all informations (Server IP etc) surely happens an Exception because appears a MessageBox with the message Run-Time:error 429 - ActiveX component can't
create object and vURL is closed.
If you need other infos tell me freely ;)
Regards,
Evilcry
-
The only AX used is MSXML, but this should display a non critical error telling you MSXML is missing;
http://www.microsoft.com/downloads/details.aspx?FamilyID=993c0bcf-3bcf-4009-be21-27e85e1857b1&displaylang=en
Even without this, it should work using the URLDownloadToFile method ... which method is showing in the caption bar?
-
The used method is indeed URLDownloadToFile, I've already installed MSXML,
seems that only in certain cases it crashes now, I'll analyze deeply that thing..
Regards
-
Lemme know what you find, and cheers :)
-
Sorry for taking so long ...... I've finally gotten round to looking further into this and think I've figured out what was causing you to receive the "Run-Time:error 429 - ActiveX component can't create object" message.
When clicking the mouse on the info box, the program determines whether or not CDO is available (for the Send to recipient menu option).
Can you try this one please?
-
I've just released a newer bug fix version that hopefully fixes both yours, and Jeans bugs :)
http://forum.hosts-file.net/viewtopic.php?f=43&t=625
-
Hello,
I was out for work, I'll try the fixed version and inform you about its works :)
Thank you for your efforts ;)
Regards,
Evilcry
-
Nice one, cheers :)
-
Great Job!
Seems that all works fine ;)
Regards,
Evilcry
-
Much appreciated, cheers :)
-
The online version has now finally been updated ....
I've finally gotten round to re-writing the link extraction routine for vURL Online, so you will now also see a list of links contained within the source code of the site you are dissecting.
On top of this, it will also tell you;
1. How many links there are
2. How many iFrames there are
3. How many scripts there are
http://vurl.mysteryfcm.co.uk/
-
Changes:
Added: Connect via proxy
Added: Prompt when iFrames found (previously only highlighted them)
Modified: Re-written malicious link detection routine
Fixed: Minor bug with prompts (scripts etc being found) not being displayed
Notes:
The "Connect via proxy" option was added for those on ISP's such as Cox, that block known malicious domains, but still need access to them.
Download:
http://support.it-mate.co.uk/?mode=Products&act=DL&p=vurldesktopedition
-
Well, I've done a few more updates to the vURL Online site.
First and foremost, I've finally gotten round to updating the FAQ. Let me know if I've missed anything :)
Secondly, I've made a change to the results page. I'm gonna let you guys figure out what the change is ..... and as a hint, query a URL that uses load balancing (e.g. Google's homepage ;)).
-
Thank you sir! ;D
-
hehe cheers :)
I've just finished implementing the update into hpHosts aswell :)
http://hosts-file.net/?s=microsoft.com
http://hosts-file.net/?s=google.co.uk
-
v0.3.3
Changes:
Added: Detect all IP's that a hostname resolves to (including rDNS for those IP's)
Modified: Source button now enabled when clicking to view application log before dissecting site
Modified: Redesigned settings dialog
Modified: Various other modifications
There's also a new change on the Links tab, but I'll let you guys see if you can tell what it is ;)
http://support.it-mate.co.uk/?mode=Products&act=DL&p=vurldesktopedition
-
I've just done a couple more updates to hpHosts Online;
1. If no MX records are found for the hostname, it will do an MX lookup for the IP instead
2. WhoIs and Net-block are now no longer displayed by default, to help with loading times. Instead, a linky is displayed to view the information.
3. Previously, when no matches were found in the database for the additional IP(s), you would see "(0)", but not the actual IP - now you'll see the IP aswell :oops:
Example:
http://hosts-file.net/?s=google.com
-
Knew I'd forgotten something heh ..... I've made a few more modifications to vURL Online, and am almost finished a new update to the desktop edition.
http://hphosts.blogspot.com/2008/09/more-vurl-online-updates.html
-
Version: 0.3.5
Changes:
Added: Server selection (see notes)
Modified: Various other modifications
Modified: Updated EULA (End User Licence Agreement)
Notes:
In accordance with the recent changes to vURL Online, I've added an option to use one of the mirrors that have been made available courtesy of my friends at;
TeMerc Internet Countermeasures - www.temerc.com
MalwareTeks - www.malwareteks.com
MontanaMenagerie - www.montanamenagerie.org
Ref:
http://forum.hosts-file.net/viewtopic.php?f=42&t=725
You can select the server, and of course, tell vURL DE to use that server, via the settings (in the Connection options).
Download:
http://support.it-mate.co.uk/?mode=Products&act=DL&p=vurldesktopedition
-
Keep up the good work :)
-
hehe cheers :)
vURL DE, vURL Online and hpHosts Online, amongst others, are all actually in dire need of re-writing ....... I just have a major lack of time for doing it :(