Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft.
Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages consistently mention a copyright infringement by a photographer, illustrator or designer, and they contain a link to purported “evidence” for these legal infractions. But the link in actuality leads to a Google page that downloads IcedID (a.k.a. BokBot), which is an information-stealer and loader for other malware.
“As attackers fill out and submit the web-based form, an email message is generated to the associated contact-form recipient or targeted enterprise, containing the attacker-generated message,” according to Microsoft’s recent posting. “