Attackers are completing and submitting web-based “contact us” forms, thereby circumventing spam filters.
Google’s website contact forms and URLs are being used to spread the IcedID Trojan, according to Microsoft researchers.
Attackers are using “contact us” forms on websites to send emails targeting organizations with fabricated legal threats, the researchers said. The messages constantly mention a copyright infringement by a photographer, illustrator or designer, and contain a link to alleged “evidence” of these legal infringements. But the link actually leads to a Google page that downloads IcedID (aka BokBot), which is an information stealer and uploader of other malware.
“As the attackers complete and submit the web-based form, an email message is generated for the recipient of the associated contact form or the target company, containing the message generated by the attacker,” according to the recent post by Microsoft. “The message uses strong and urgent language (‘Download it right now and see for yourself’), and puts pressure on the recipient to act immediately, ultimately forcing recipients to click on the links to avoid alleged legal action “.
Author: Stamps of Tara.