A flaw in the website of microblogging service Twitter is being used to pump out pop-up messages and links to porn sites.
Users only have to move their mouse over the link - not click it - to open it in the browser. Thousands of Twitter accounts have so far posted messages exploiting the flaw including Sarah Brown, the wife of former Prime Minister Gordon Brown.
The malicious links look like a random URL and contain the code "onmouseover".
Some reports suggest that the code is being spread by a worm, a self-replicating and malicious piece of code.
Mr Cluley of security firm Sophos said that until the flaw was fixed users should use a third-party Twitter client - such as TweetDeck - rather than the Twitter.com website.
It is not the first time the service has suffered an attack.
In April 2009, another worm spread links to a rival site, again showing unwanted messages on infected user accounts.