"We’re aware of the ongoing spam attack happening on Twitter and we’re working to bring it under control," the company said in a .

The worm spreads by taking advantage of a common Web programming error, called a cross-site scripting vulnerability, on the Twitter Web site, said Aviv Raff, a computer security researcher. The worm only affects users of the Internet Explorer browser, he said in an interview by instant message.