The kesxerwoc.kz has been listed on Cyberwarzone as it has been identified by fidelissecurity.com as a malicious domain. In this particular case, we are dealing with a Pushdo Trojan domain which is used by cybercriminals to install Trojan on devices of unaware users or as a gateway for the Trojan to exchange information with the C&C server.
The Pushdo Trojan is classified as a “downloader” Trojan, meaning that its true purpose is to download and install additional malicious files on the infected device.
Fun fact: Did you know that once you visit one of the C&C servers of Pushdo with the wrong URL, it will send you a random message back like “Looking for Blackjack?”. The cybercriminals have implemented this to “trick” people into believing that they are visiting a website instead of the Pushdo C&C server.
|
DOMAIN |
TROJAN FAMILY |
FOUND BY |
|
kesxerwoc.kz |
pushdo |
fidelissecurity.com |
Aliases for the Pushdo Trojan:
- Trj/Downloader.SIA
- Backdoor.Win32.Agent.ehg
- W32/Smalltroj.CQWT
- Troj/Agent-GNA
- W32/Smalltroj.CQWT
Please use the following resources to get a better understanding about the Pushdo Trojan:
- http://www.secureworks.com/research/threats/pushdo/?threat=pushdo22007-12-17
- http://www.sophos.com/security/analyses/viruses-and-spyware/trojpushdogen.html021215-0628-99
- http://www.iss.net/security_center/reference/vuln/Trojan.Pushdo_Variants.html
- http://www.theregister.co.uk/2014/07/17/pushdo_trojan_outbreak/
Is your PC infected?
It is possible that your computer has been infected and has alerted you the IP address. If that is the case, we have setup various guides on Cyberwarzone on how to protect your computer against malicious users and unwanted actions.