Twitter Worm

F-Secure has information regarding a cross-site scripting worm that spread through Twitter profiles for several hours last night. Twitter users started reporting that their profiles had sent Twitter messages without their knowledge. Messages looked like this:

stalkdaily's Worm-driven Tweets

Many users thought the ‘tweets’ were legitimate communications from trusted friends and clicked on the link to ‘stalk daily’. That caused more users to receive the bogus message.

This worm was a publicity stunt, and Twitter removed the malicious script file named Worm:JS/Twettir.A. All these attacks are JavaScript-based and can be circumvented by turning off JavaScript in your browser.

If you are interested in more technical details, check out this blog entry: