Compromised Twitter accounts have been used to post links to an exploit portal that poses as a download site for an update to TweetDeck, the popular micro-blogging client software package.

Malware lures pose as messages such as "Critical tweetdeck update Bank Holiday", a reference to a national holiday in the UK that may suggest the miscreants behind the ruse are based in Britain, net security firm Sophos notes.

Twitter is in the process of resetting the passwords of presumably compromised accounts distributing the dangerous links, which expose visitors to possible infection by Trojan horse malware.

Meanwhile TweetDeck - which has not issued an update - reiterated its standing advice that users should visit its website for patches. By default, TweetDeck updates are offered automatically following the publication of a security or stability update to the software, on Macs at least. ®

Related stories

• Twitter (officially) buys TweetDeck (26 May 2011)
• Twitter blames website upgrade for re-introducing XSS hole (22 September 2010)
• Twitter plugs black-box website vuln (21 September 2010)
• Twitter flaw creates micro-blogging mayhem (21 September 2010)
• iPad scammers hack Kirstie Allsopp's Twitter (6 September 2010)
• Twitter tightens grip on own firehose (2 September 2010)
• Firefox 4 beta crack ruse spreads Trojan to total idiots (6 August 2010)
• Site auto-trawls embarrassing Facebook posts (17 May 2010)
• LinkedIn wedges open API door (24 November 2009)
• Trojan pokes Facebook for zombie commands (3 November 2009)
• Twitter botches patch for nasty account-hijacking bug (26 August 2009)
• Fake Twitter profile punts Orkut attack (9 September 2008)
• Twitter Trojan targets tossers (5 August 2008)