IcedID Circulates Via Web Forms, Google URLs
Quote: Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft.
 
Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages consistently mention a copyright infringement by a photographer, illustrator or designer, and they contain a link to purported “evidence” for these legal infractions. But the link in actuality leads to a Google page that downloads IcedID (a.k.a. BokBot), which is an information-stealer and loader for other malware.
 
“As attackers fill out and submit the web-based form, an email message is generated to the associated contact-form recipient or targeted enterprise, containing the attacker-generated message,” according to Microsoft’s recent posting. “The message uses strong and urgent language (‘Download it right now and check this out for yourself’), and pressures the recipient to act immediately, ultimately compelling recipients to click the links to avoid supposed legal action.”

Read more: IcedID Circulates Via Web Forms, Google URLs | Threatpost
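
An added example, not part of the quoted article or the original post: a triage heuristic for contact-form submissions that scores the lure traits the article describes (legal-threat wording, a photographer/illustrator/designer claimant, urgent language, and an "evidence" link on a Google host). The keyword lists, the threshold, the choice of google.com subdomains as "Google-hosted", and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Lure traits taken from the campaign description above; the word lists and
# threshold are assumptions chosen for illustration, not vendor signatures.
LEGAL = re.compile(r"copyright|infring|legal action|lawsuit", re.I)
CLAIMANT = re.compile(r"photographer|illustrator|designer", re.I)
URGENT = re.compile(r"right now|immediately|check this out for yourself", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def google_hosted(url):
    """True when the link's host is google.com or a subdomain (assumed scope).
    The host is parsed, so 'google.com' appearing elsewhere does not match."""
    host = (urlparse(url).hostname or "").lower()
    return host == "google.com" or host.endswith(".google.com")

def score_submission(message):
    """Return (score, reasons) for one contact-form message body."""
    reasons = []
    if LEGAL.search(message):
        reasons.append("legal-threat wording")
    if CLAIMANT.search(message):
        reasons.append("claimant is photographer/illustrator/designer")
    if URGENT.search(message):
        reasons.append("urgent call to download")
    if any(google_hosted(u) for u in URL.findall(message)):
        reasons.append("evidence link on a Google host")
    return len(reasons), reasons

def triage(message, threshold=3):
    """Hold a submission for review when enough lure traits co-occur."""
    score, reasons = score_submission(message)
    return ("quarantine" if score >= threshold else "deliver"), reasons

# Constructed sample submissions (not real campaign messages).
SAMPLES = {
    "lure": "I am a professional photographer. Your site uses my images "
            "without consent, which is copyright infringement. Download it "
            "right now and check this out for yourself: "
            "https://sites.google.com/view/placeholder-evidence",
    "benign": "Hi, our designer would like a quote for 200 units. "
              "Spec sheet: https://docs.google.com/document/d/placeholder",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, *triage(body))
```

No single trait is decisive on its own: the benign sample mentions a designer and carries a Google link, and is still delivered because the legal-threat and urgency traits are absent.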