MalwareHunter

New Member
Hello everyone here in MalwareTips, again!

This time, I'm presenting you the first version of our hosts file updater program, the MHT Hosts Updater Tool.

After we saw that the detection of the C&C domains (on CyberTracker) is very low, we thought about it... And I came up with the idea of a simple tool which adds the domains to the hosts file. And here it is.



System requirements:
  • Windows OS, XP and above (both 32 and 64 bits supported)
  • Internet connection
  • Microsoft .NET Framework version 4 or above
Download link:
Code:
http://cybertracker.malwarehunterteam.com/tools/MHTHUT.zip
What are the functions of the buttons?:
  • "Update the Hosts file" - Appends all the C&C domains from CyberTracker to the hosts file. If a domain already has been added to your hosts file, it won't add it again.
  • "Backup and Update" - Same as the "Update the Hosts file" with only one difference: It creates a backup of your current hosts file. Backup location: "C:\Windows\System32\drivers\etc\hosts_backup_%current Unix timestamp%".
  • "Clean the Hosts file" - Cleans the hosts file. (So it will be empty after cleaning.)

Hope you all like this simple tool. :)

If you have any question or problem, feel free to ask @Malware1 or me in PM, or in comment.
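
The "Update the Hosts file" and "Backup and Update" behaviour described in this post, sketched as an added example (not the MHT tool's code, which the thread does not show): an idempotent merge that skips domains already in the hosts file and rejects feed entries that are not plain domain names, so a tampered feed cannot inject arbitrary mappings. The `0.0.0.0` target address, the function names and the sample data are assumptions made for illustration.

```python
import re
import time

SINK = "0.0.0.0"  # assumption: the post does not say which address the tool writes
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN = re.compile(rf"(?:{_LABEL}\.)+[a-z]{{2,63}}")

def hosts_names(hosts_text):
    """Return every hostname already mapped in hosts-file text (lower-cased)."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()       # drop comments, split columns
        names.update(f.lower() for f in fields[1:])  # fields[0] is the IP address
    return names

def merge_feed(hosts_text, feed_domains):
    """Append feed domains not yet present; return (new_text, added, rejected)."""
    present = hosts_names(hosts_text)
    added, rejected = [], []
    for raw in feed_domains:
        d = raw.strip().lower().rstrip(".")
        # Only a bare domain is accepted: no spaces, newlines, IPs or single labels.
        if len(d) > 253 or not _DOMAIN.fullmatch(d):
            rejected.append(raw)
        elif d not in present:
            present.add(d)
            added.append(d)
    if not added:
        return hosts_text, added, rejected
    body = hosts_text
    if body and not body.endswith("\n"):
        body += "\n"
    body += "".join(f"{SINK} {d}\n" for d in added)
    return body, added, rejected

def backup_name(now=None):
    """Backup file name in the form the post gives: hosts_backup_<Unix timestamp>."""
    return f"hosts_backup_{int(time.time() if now is None else now)}"

# Constructed sample data (reserved .test names, not real C&C domains).
SAMPLE_HOSTS = "127.0.0.1 localhost\n0.0.0.0 c2.example.test  # old entry"
SAMPLE_FEED = ["c2.example.test", "NEW-c2.example.test.", "new-c2.example.test",
               "localhost", "x.example.test\n10.0.0.1 bank.example.test"]

if __name__ == "__main__":
    text, added, rejected = merge_feed(SAMPLE_HOSTS, SAMPLE_FEED)
    print(backup_name(), added, rejected)
    print(text)
```

Running the merge a second time on its own output adds nothing, which matches the "it won't add it again" behaviour the post describes.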
 

Prorootect

Level 53
Verified
Yes very nice simple tool, thanks, but WHY this .NET Framework 4! Please.

I have on my Windows - version 2.0 only, and I wish to delete this cumbersome version, then stick with the 1.1 version of .NET only.
 

Prorootect

Level 53
Verified
Hey, think you about those which (like me) have .NET 2.0 only, please? Read my post above, please ..
 

MalwareHunter

New Member
Great tool thanks ;)
Thank you!
Here is a spelling error "Info" :)
My mistake :D
The word "Into" is correct. It's the name of the site. ;)

Good work guys, keep it up ;)
Nice simple tool. Thanks :)
Thank you both! We are trying to make useful services and programs. :)

Qihoo 360 TS quarantined it: HEUR/QVM03.0.Malware.Gen, 3
It's normal because it's a very new application and it modifies the hosts file. If anyone can, please report the false positive to Qihoo. Thanks.

Hey, think you about those which (like me) have .NET 2.0 only, please? Read my post above, please ..
When you use a Windows OS in 2014, it's normal that applications require .Net Framework... You need to understand that.
I have seen many comments by you in the threads of programs coded in .Net... Don't you think that you should change your mind instead of the developers? Sadly or not, currently .Net Framework gives us the possibility to develop simple (and not complex, speed-oriented, etc) applications easily. Thanks for understanding.
 

Deleted member 21043

@Prorootect The application which they have developed is suitable to be a .NET application. It's enough to backup a hosts file, clean a hosts file, and append text to the Hosts file. (VB.NET).

The minimum requirements to use this application is .NET Framework 4. It won't take long for you to update to .NET Framework 4.0. I understand you may not want to update, however if not, you simply cannot use their application.
 
Last edited by a moderator:
Because it's a .NET application...
Good luck maintaining a C# program...

Other than the fact that it's hard to maintain; I love this tool. I'll use it every once in a year or so. I am currently no fan of host-files, because if I am not wrong, host files' blacklist checks every website you visit with thousands of its IPs before loading the web page. Not a good choice at all. However, when it comes to my clients' and my boss' PCs, I'll surely refer to them as it is easily one of the more unique utilities. Well done.

I really recommend you to re-write this application in C or even Java in the v2.
 
Basically this is like any other program. There are minimum system requirements. If you want to use the program you need to meet these requirements. Pretty cut and dry
I understand. But I think it's hard for you (the developers) other than the end-users. I personally think C# goes far beyond the simple rival of Java. It creates a Java-like thing, of course, that only supports Windows. I just wrote two lines (the starting and the closing) about the language it's written in. I personally hold no grudge against C#, but I do recommend C. As I am getting old and stupid, you can ignore me, but those were my little suggestions.
 
Reactions: Prorootect

MalwareHunter

New Member
Good luck maintaining a C# program...

Other than the fact that it's hard to maintain; I love this tool. I'll use it every once in a year or so. I am currently no fan of host-files, because if I am not wrong, host files' blacklist checks every website you visit with thousands of its IPs before loading the web page. Not a good choice at all. However, when it comes to my clients' and my boss' PCs, I'll surely refer to them as it is easily one of the more unique utilities. Well done.

I really recommend you to re-write this application in C or even Java in the v2.
Thank you for your comment. :)

Once in a year is not good. Because we are adding new C&C domains (usually) every day. And then you will have no protection against the latest ones, only one time a year. We created this tool for "protection". For example, the H-worm and other VBS worms. I saw many H-worm samples with the same C&C domain. And while many AV products can't protect you from VBS worms currently (only based on hashes - but just one character modification is enough to change the hash), your hosts file can - if the C&C domain in that worm is an already known one. It just will set a startup entry and that's all. :)

However, when it comes to my clients' and my boss' PCs, I'll surely refer to them as it is easily one of the more unique utilities. Well done.
Thanks! This is why we created this simple tool - to make things easier.

I really recommend you to re-write this application in C or even Java in the v2.
We have many things to do and we are not time millionaires... We are reversing, analyzing malware samples, working on CyberTracker and on other private services and programs, etc... So we won't recode it (at least not in the near future). Thanks for understanding. :)

Basically this is like any other program. There are minimum system requirements. If you want to use the program you need to meet these requirements. Pretty cut and dry
Thank you for your comment!


From now, please don't talk about the programming languages in this thread. This section isn't for that (nor this thread). Thanks! :)
 
Thank you for your comment. :)

Once in a year is not good. Because we are adding new C&C domains (usually) every day. And then you will have no protection against the latest ones, only one time a year. We created this tool for "protection". For example, the H-worm and other VBS worms. I saw many H-worm samples with the same C&C domain. And while many AV products can't protect you from VBS worms currently (only based on hashes - but just one character modification is enough to change the hash), your hosts file can - if the C&C domain in that worm is an already known one. It just will set a startup entry and that's all. :)


Thanks! This is why we created this simple tool - to make things easier.


We have many things to do and we are not time millionaires... We are reversing, analyzing malware samples, working on CyberTracker and on other private services and programs, etc... So we won't recode it (at least not in the near future). Thanks for understanding. :)




From now, please don't talk about the programming languages in this thread. This section isn't for that (nor this thread). Thanks! :)
Thank you for understanding me. :)

I do agree that once-in-a-year isn't enough. But my internet connection isn't the fastest (I wasn't joking when I said that my download speed is 100 KB/s) and I like it when it's stable. After all, I barely visit any suspicious sites or those that are newly formed. At least, those that are not made from big companies. But if you do update it every day, even though I won't have much advantage of it, I'll appreciate that.
I do agree that one character changes the whole hash-code. And, if I remember right, if hash check-sum is same, that doesn't necessarily mean that two programs are equal, so there's a decent risk of false positives (for the AVs).

Yeah; I agree that you shouldn't recode it too soon. I expect the version two to be released in 2016. I just hate .NET Framework and the restriction it puts on maintenance.

Yeah. I'll not talk about programming or maintenance anymore. Great product, I shall look forward to its future.
 
Reactions: MalwareHunter

MalwareHunter

New Member
I do agree that once-in-a-year isn't enough. But my internet connection isn't the fastest (I wasn't joking when I said that my download speed is 100 KB/s) and I like it when it's stable.
Don't worry. The response currently is under 20KB. I'm sure that the tool can download it if you can visit MT. :)

I do agree that one character changes the whole hash-code. And, if I remember right, if hash check-sum is same, that doesn't necessarily mean that two programs are equal, so there's a decent risk of false positives (for the AVs).
I already saw a hash collision (MD5) about one year ago. That's why we are using SHA256 on CyberTracker.

Yeah; I agree that you shouldn't recode it too soon. I expect the version two to be released in 2016.
Ok. But I don't promise anything...
 
Don't worry. The response currently is under 20KB. I'm sure that the tool can download it if you can visit MT. :)


I already saw a hash collision (MD5) about one year ago. That's why we are using SHA256 on CyberTracker.


Ok. But I don't promise anything...
But with my host files not-so-default (blacklisting too much), my network will be slow as a turtle. But thank you, I'll make sure to refer it to every client that has a faster internet connection.