A Web worm and three variants spread to hundreds of user accounts on
Twitter's microblogging network over the weekend, producing upwards of
10,000 posts, or "tweets," to other users, the company stated on Sunday.
The worms, which started spreading at 2 a.m. on Saturday morning, used
a Javascript exploit to take advantage of a cross-site scripting (XSS)
vulnerability in Twitter, infecting users' profiles with malicious
code. The compromised accounts then sent out their own messages to
further spread the worm.
http://www.securityfocus.com/brief/945