Popular micro-blogging service Twitter is again under attack, with a nasty worm spreading rapidly and using Google's goo.gl URL shortening service to send the unwary to malicious pages.
The worm appears to be targeting those who use Twitter's mobile website, mobile.twitter.com, and forcing their account to post a link that spreads the infection when clicked.
In some cases, the message claims that the afflicted Twitter user has "just found the easiest way to track who follows and unfollows you" - using social engineering to convince users to click on the included link. In other cases, the link is posted without comment - relying on the poster's reputation to get clicks.
While the flaw doesn't appear as widespread as the attack the site suffered back in September, which was able to spread simply from users hovering their mouse over the malicious message, it's proving a major issue with plenty of users affected - including our own Stewart Meagher, who managed to post the link from Twitter's mobile website despite his mobile being in another room at the time.
Speaking to TechCrunch, Twitter's Troy Holden confirmed the existence of the worm and claimed that the company is resetting the passwords of affected user accounts - suggesting that the flaw may result in a user's password being disclosed to a third party.
With the micro-blogging service growing in popularity, attacks like this are becoming increasingly common - and often leave Twitter playing a dangerous game of whack-a-mole with the attackers while legitimate users are targeted.