Security researchers warn of new email spam campaigns that are masquerading as official Twitter messages that link to malicious websites. Some of these attacks direct users to phishing pages, while others to websites pushing computer trojans or scareware.

One of the spam messages claims the email address associated with the user's Twitter account was changed, an action, which requires confirmation by visiting a special URL. The link included in the offending email directs users to a phishing site that tries to steal their Twitter login credentials.

The second attack masquerades as a security alert regarding an alleged Twitter password theft attempt. The email recommends that the user installs a so-called “secure module” that can be downloaded as a .zip archive from a link included in the message. The archive actually contains a computer trojan  whose purpose is to install a scareware program.

The trojan drops several components into the Windows Temp folder, starts when any executable file on the system is opened, disables the Windows task manager and pops up fake security alerts. The fake antivirus program downloaded and installed by this malware is called “Protection Center.”

Even online pharmacy spammers have started using this Twitter-style email template to advertise unregulated pills.

Ref: http://news.softpedia.com/news/Flurry-of-New-Email-Based-Attacks-Impersonate-Twitter-144216.shtml