fna's comment is dated. This one also may be dated in just a few weeks or months from now. For a little while I thought that they were a DNSWCD redirector but one of them I just added to my hosts file (at SecureMecca.com and HostsFIle.org) had a different IP. Here is where you can find MDL's current list (2011-08-05):
I picked one of MDL's URLs at random and was surprised to see no redirect in WireShark. That means the server has probably been hacked. The malware seemed to come down straight from the hopto.org server. No IP address other than theirs any my Linux powered machine were in WireShark. Also, MDL has a few *.no-ip.biz hosts as well. I am going to check one of them out and will report on that domain as well. I still do not like redirector services. But in this case the malware seems to be coming from the redirection service itself. I will have to check out how they are redirecting - e.g., whether they operate like a proxy. Hopefully they will get it fixed. But if they are a proxy I am going to block them anyway in my PAC filter.
http://hopto.org is an umbrella domain offered by http://www.no-ip.com/ . No-IP.com provides dynamic DNS services for (for example) home users to reach their computers, and URL redirection services, among other services. No-ip.com and hopto.org are not content providers or hosting providers, so they do not spam, phish, or serve malware.