In the attack, a link in a message takes the recipient to a fake login page that mimics the look of the real Twitter entry page. If the user types in any credentials there, the attackers take over the account to send out even more hacked messages.
This is only the most recent attack to hit the popular social networking site. Earlier this year, a wave of fake email Twitter invitations carried a mass-mailing worm.The invitations looked like they had come from a Twitter account, but included an attachment that installed a mass-mailing worm that gathered email addresses from the compromised computer.
Also, Koobface infiltrated Twitter during the summer. Infected accounts sent tweets containing a link to a URL that masqueraded as a video site users who clicked on the link were redirected not to the malware site but to adult sites.
And a nasty cross-site scripting worm earlier this year, highlighted the threat of client-side attacks across social networking sites. That Twitter worm spread links to a supposed Twitter copycat site by exploiting a cross-site scripting (XSS) vulnerability and infecting an unknown number of Twitter profiles. Each wave of the worm attacks was more intense than its predecessor.
The current worm problem is being investigated by Twitter, according to reports, though no mention has been posted on the company's official blog.