A cross-site scripting worm was spreading in Twitter profiles for several hours last night.
People started reporting that their profile had sent Twitter messages without their knowledge. Messages looked like this:
Later on the messages morphed several times:
Many people followed the links to stalkdaily.com, as they believe the messages to be genuine Tweets from their friends. A cross-site script on the site then caused new users to start to Tweet the same messages.
More info on the technical internals of the attack are available at dcortesi.com.
As expected, the whole worm was a publicity stunt by stalkdaily.com.
You can see the latest official status of Twitter from their status page at status.twitter.com
We detect the script file as Worm:JS/Twettir.A.
Updated to add: This is not over. There's going to be quite a few modified Twitter worms for a day or two. Be careful in Twitter, don't view profiles, don't follow links. It's beautiful outside, maybe go for a walk instead?
Here's one current variant: