BBC: Twitter has patched a cross-site scripting flaw on its site that was being used to send thousands of users to porn sites or to serve unwanted pop-up ads. Users who moved their mouse over the malicious links were affected, even if they didn't click. The worm then replicated itself, passing itself along in tweets.
A developer named Magnus Holm seems to be responsible for the attack. "I simply wanted to exploit the hole without doing any 'real' harm," he said. "It started off as 'ha, no way this is going to work.'"