03 Jun 2010 11:18 AM
Websense® Security Labs™ ThreatSeeker™ Network has detected spam posing as a Twitter Password Reset Notification. We have seen about 55,000 instances of this malicious spam email so far.
The spam contains a link to a compromised Web site that, when clicked or pasted into the browser, prompts the user to download a malicious executable named password.exe. The executable turns out to be a rogue AV called Protection Center Safebrowser. What distinguishes this rogue AV from the others is that it actually displays on the user's desktop some of the malicious files it installs. This makes the attack notification more believable.
The attack is detected as Trojan.Generic.Win32 (SHA: 0b00649c14b96219dd080a0ce6492c4d04c7f45c) and is currently recognized by 19 of the 41 engines on VirusTotal.
Websense® Messaging and Websense Web Security customers are protected against this attack.