If you get an email purporting to come from Twitter suggesting that you have forgotten your password, even though you know exactly what it is, you will not be alone. It would appear that around 55,000 people have already received these fake notifications which, as if you haven't guessed, are malicious link-filled spam.
The Websense Security Labs ThreatSeeker Network warns that the spam contains a link to a compromised site which will attempt to download a malicious executable named password.exe that is actually another of those rogue AV applications, this one being identified as Protection Center Safebrowser.
The payload is somewhat more mature than most rogue AV scams in that is will display some of the malware files it installs on the user's desktop, making it obvious that the computer has been infected - and so making the perhaps not so fake after all attack notification more believable.
Still, anyone with a modicum of common sense should be safe enough as they won't click through the links in an email telling them they have forgotten their Twitter password when they have not. The usual advice for those who are a little hard of thinking when it comes to matters of online security applies: always connect directly to the website concerned, or send a new email to customer support, rather than click links in any unsolicited email that arouses suspicion.
