Twitter Scam Betrays Users' Lack of Savvy

18.03.2011
Security firm Sophos is reporting that a new scam is spreading on Twitter, and that a significant number of people have already fallen for it.

The Online Timer scam claims to measure how long a user has spent on Twitter. It spreads via seemingly innocuous Twitter messages along the lines of "I have spent 30 days, 14 hours on Twitter. How much have you? Find out here," followed by a shortened link to a malicious Website.

Anybody who clicks the link is taken to a Website that asks to be connected to the user's Twitter account, supposedly in order to measure their usage. The first thing it actually does once granted access, however, is post the same message to the user's feed, this time with a different and seemingly random time measurement but with the same link.

Oblivious to this happening, the user is rewarded with a pop-up window that claims to show how many views the user's account has had. Again, the number appears to be random. Then comes the main payload: a further pop-up offers an IQ test, which the user is told must be completed to defeat spam and "verify you are not a bot." Upon completing the test, users are asked to enter their cell phone number to receive further questions, although the small print says that users will be sent four text messages a week, at a cost of $2 each.
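The tell-tale signature of this kind of self-posting app is that the figures in the message change from victim to victim while the shortened link never does. The following is an added example, not code from the article or from Sophos, showing how a feed monitor could flag that pattern; the tweets, handles and the link domain (`link.example`) are constructed for the example.

```python
"""Added illustration for this article: flag a self-propagating
"how long have you spent on Twitter" lure by its message template.
Example code, not Sophos's detection logic; all sample data is constructed."""
import re
from collections import defaultdict

# Matches the lure described in the article: a days/hours figure,
# the "How much have you?" hook, and a trailing shortened link.
LURE_RE = re.compile(
    r"I have spent (?P<days>\d+) days?, (?P<hours>\d+) hours? on Twitter\."
    r"\s*How much have you\?\s*Find out here:?\s*(?P<link>https?://\S+)",
    re.IGNORECASE,
)

# Constructed sample feed: (handle, tweet text). Three accounts repost the
# lure with different random-looking figures but the identical link; one
# tweet is benign and one carries a different link from a single account.
SAMPLE_TWEETS = [
    ("alice", "I have spent 30 days, 14 hours on Twitter. How much have you? Find out here http://link.example/a1b2"),
    ("bob",   "I have spent 12 days, 3 hours on Twitter. How much have you? Find out here http://link.example/a1b2"),
    ("carol", "I have spent 45 days, 22 hours on Twitter. How much have you? Find out here http://link.example/a1b2"),
    ("dave",  "Lunch with the team today, great weather"),
    ("erin",  "I have spent 2 days, 1 hour on Twitter. How much have you? Find out here http://link.example/zz9"),
]


def parse_lure(text):
    """Return (days, hours, link) if the tweet matches the lure, else None."""
    m = LURE_RE.search(text)
    if not m:
        return None
    return int(m["days"]), int(m["hours"]), m["link"]


def find_campaigns(tweets, min_accounts=2):
    """Group matching tweets by link. A link posted by at least
    `min_accounts` distinct handles with differing time figures is the
    signature of the self-posting app the article describes: the numbers
    vary, the destination does not. Returns {link: sorted handles}."""
    by_link = defaultdict(list)
    for handle, text in tweets:
        parsed = parse_lure(text)
        if parsed:
            days, hours, link = parsed
            by_link[link].append((handle, (days, hours)))

    campaigns = {}
    for link, posts in by_link.items():
        handles = {h for h, _ in posts}
        figures = {f for _, f in posts}
        if len(handles) >= min_accounts and len(figures) > 1:
            campaigns[link] = sorted(handles)
    return campaigns


if __name__ == "__main__":
    for link, handles in find_campaigns(SAMPLE_TWEETS).items():
        print(f"suspected lure {link} posted by {', '.join(handles)}")
```

Keying on the link rather than on the exact wording is deliberate: the attacker randomises the numbers precisely so that a naive exact-match filter sees every post as different, while the shortened URL has to stay constant for the site to keep collecting victims.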

It's a clever scam that tiptoes effectively through the minefield of credulity. It's not hard to see why people would fall for it, although it's good to see that the savvy and urbane "Twitterites" perhaps aren't that much brighter than the grass-grazing Facebook multitude.

I've always had a quiet admiration for malware writers who manage to succeed. A good attack vector is a piece of pure wit, like a good joke; it manages to bypass our defenses and draw us in. Of course, if the malware is destructively malicious rather than just annoying, then my admiration is a little tempered.