Update: Twitter says, “The exploit is fully patched.”
Reader Mike sent a video of the exploit in action. As soon as he moves his cursor from the toolbar to the body of the Twitter.com page, it retweets the exploit and attempts to send a Direct Message.
Sarah Brown, wife of former British Prime Minister Gordon Brown, was hit with the exploit earlier this morning. Her page displayed a gigantic letter “h” and redirecting users to a Japanese porn site.
Third-party apps are safe from the bug and can be used to delete the inadvertent retweets if you’ve been hit. But for now, because the exploit is spread merely by hovering over tweets, visiting the Twitter website almost guarantees that you’ll inadvertently end up spamming your followers. [Sophos]