Twitter users were urged to switch to third party clients overnight after malware rendered Twitter.com useless and began posting links to malicious sites from within user accounts.
The microblogging site said this morning that it had fixed the vulnerability.
Thousands of users re-circulated the exploit or were redirected to pages containing further malicious code merely by moving their mouse over a link on the page.
"The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link," said Graham Cluley, an engineer at IT security firm Sophos had posted.
"Messages are also spreading virally exploiting the vulnerability without the consent of users."
Cluley said there was a strong potential for "cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed."