Kabel from 0xbadcab1e just told me that there is a new XSS worm on Twitter. If you would like to see the worm in action, search for onmouseover on Twitter. After a few seconds an area for real-time results appears, showing how many new tweets have arrived since you started searching. For me it increased by 25,000 new tweets within 4 minutes.

It will be interesting to see whether Twitter has to take down its service to get rid of the worm.

Another option would be a hot fix that filters the string onmouseover out of tweet text, to stop the worm from spreading further. Once the hot fix is live, the admins can remove the existing worm tweets from the Twitter database. Note that such a keyword filter only blocks this particular payload: a copy of the worm that uses a different event-handler attribute would pass straight through it. The lasting fix is to encode tweet text for the HTML context it is rendered into (attribute encoding for auto-linked URLs, so a quote in the tweet cannot close the href attribute and start a new one), with the keyword filter kept only as a stopgap.
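The following JavaScript is an added example, not code from the original post or from Twitter's code base. It models a hypothetical tweet renderer that auto-links URLs by string concatenation (the pattern an attribute-injection worm abuses), the onmouseover keyword hot fix described above, and the attribute-encoding fix. The sample tweets, the `example.invalid` host and the handler-detection check are constructed for this example and are assumptions, not the worm's actual payload.

```javascript
// Added example (not from the original post). Three renderers for a tweet
// containing a URL, plus a check for injected on* attributes. Sample inputs
// below are constructed for this example.

// Naive renderer: the URL is dropped into href without encoding, so a
// double quote inside the tweet closes the attribute and injects new ones.
function renderTweetNaive(text) {
  return text.replace(/https?:\/\/\S+/g, (url) => `<a href="${url}">${url}</a>`);
}

// Hot fix of the kind the post describes: strip the onmouseover keyword
// from the tweet before rendering it.
function stripOnmouseover(text) {
  return text.replace(/onmouseover/gi, "");
}

function renderWithHotfix(text) {
  return renderTweetNaive(stripOnmouseover(text));
}

// Durable fix: encode every character that could change HTML context
// before the value lands inside an attribute or a text node.
function encodeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderTweetSafe(text) {
  return text.replace(
    /https?:\/\/\S+/g,
    (url) => `<a href="${encodeHtml(url)}">${encodeHtml(url)}</a>`
  );
}

// Constructed check: does the rendered HTML contain an event-handler
// attribute (any on*=, not only onmouseover) that starts a new attribute,
// i.e. one preceded by a quote or whitespace rather than sitting inside
// an encoded value?
function hasEventHandler(html) {
  return /(^|[\s"'])on[a-z]+\s*=/i.test(html);
}

// Constructed sample tweets. The first carries the onmouseover payload the
// post talks about; the second is the same trick with another handler,
// which the keyword hot fix does not catch.
const wormTweet = 'http://example.invalid/"onmouseover="alert(1)"x="';
const variantTweet = 'http://example.invalid/"onmouseenter="alert(1)"x="';

console.log("naive, worm   :", hasEventHandler(renderTweetNaive(wormTweet)));   // true
console.log("hotfix, worm  :", hasEventHandler(renderWithHotfix(wormTweet)));   // false
console.log("hotfix, variant:", hasEventHandler(renderWithHotfix(variantTweet))); // true
console.log("encoded, worm  :", hasEventHandler(renderTweetSafe(wormTweet)));   // false
console.log("encoded, variant:", hasEventHandler(renderTweetSafe(variantTweet))); // false
```

The keyword filter makes the first payload harmless but leaves the variant intact, which is why it is only a stopgap; the encoded renderer neutralises both because the quote that would close the href attribute becomes `&quot;` and never leaves the attribute value.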