Fake sites for popular software have occasionally been used by cyber-criminal groups to push malware. Campaigns pushing IcedID malware (also known as Bokbot) also use advanced distribution techniques (it's also common to see IcedID sent through email).
The "official" website for IcedID is http://www.icedid.com/ (this domain has been registered through WhoisGuard, a domain privacy service). The "original" site was of course found to be a fake: http://www.icedid-support.com (yeah, that's the real site!). However, it's not surprising that another fake site would be made to look exactly like this one (it appears to have been created by the same person who created the phony support-site).
The "official" website at http://www.icedid-support.com appears to have been created by Bokbot malware authors.
Taking a look at the site, you can see it's not uncommon for fake software websites to look real. The URLs are slightly different from the original site (http://www1.icedid-support.com/ instead of http://www.icedid-support.com/), but this is a common practice; it's just as easy to create a few non-existent subdomains as it is to create several non-existent domains (common for fake software sites).
Source: Google ads lead to fake software pages pushing IcedID (Bokbot) - AlienVault - Open Threat Exchange