If you’re on the Twitter site and seeing the new version of the social networking site and merely hover your mouse cursor over a dodgy link, all hell could break loose. Well, not quite the falmes of some eternal inferno, but you could become a victim of a nasty status update that will infect others. It’s not, it seems, particularly malicious (this time). But, this onmouseover exploit could be used for more harmful activitiesm, so take care.

If you see a blanked out Twitter message steer clear, that’s the sign of an infected tweet. You’re safe if you’re on TweetDeck or using another Twitter client. And, presumably, NoScript in Firefox will be set to not activate, although I’ll have to double check that point. Just be very careful logging into to twitter.com the website until they fix the hack.

Lots on the web about the twitattack

• Twitter OnMouseOver flaw poses huge risk to users, is being actively exploited
• Twitter ‘onmouseover’ security flaw widely exploited
• Warning: Onmouseover Twitter Security Flaw Is Wreaking Tweet Havoc
• Gibbs gets bitten by Twitter bug
• Twitter flaw pumps out spam links
• Twitter ‘onmouseover’ security flaw widely exploited (Graham Cluley/Graham Cluley’s blog)
• Mouse over renders Twitter.com useless
• Twitter users including Sarah Brown hit by malicious hacker attack
• Hardcore Twitter Flaw, Leads to Unwelcomed Pop-ups
• Mouse-Over Exploit Hits Twitter.com, Stick to Third-Party Clients for Now [Security]
• Twitter Security Alert: Avoid Clicking Tweets with Only Links (OnMouse Over Hack)