Twitter onMouseOver flaw poses huge risk to users, is being actively exploited
What happens next is up to the creator. It could be something harmless like the alert box you see above, or it could just as easily be a rogue antivirus pop-up or some nasty porn site. Again, you don't need to click -- you simply have to mouse over a link. As Cluley points out, all Twitter really needs to do is block the OnMouseOver text from being displayed.
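To make the defence concrete, here is an added example (not Twitter's code, and not from the original post) of a link renderer that lets text become an `onmouseover` attribute, next to a version that HTML-escapes everything it interpolates. It assumes the handler arrives because link text is copied into markup unescaped, which the post does not spell out; the function names and the sample tweet are constructed for illustration.

```javascript
// Added example: constructed code, not Twitter's implementation.
const URL_RE = /https?:\/\/\S+/g;

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Weak: URL text is pasted into href="..." as-is, so a double quote in the
// text ends the attribute and whatever follows is parsed as new attributes.
function linkifyNaive(text) {
  return text.replace(URL_RE, u => `<a href="${u}">${u}</a>`);
}

// Hardened: escape the surrounding text, and escape the URL both where it
// sits inside the attribute and where it is shown as the link body.
function linkifySafe(text) {
  let out = '', last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += `<a href="${u}" rel="nofollow">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Attribute names a parser would see on the first <a> tag of the output.
function anchorAttributes(html) {
  const tag = /<a\s([^>]*)>/.exec(html);
  if (!tag) return [];
  return [...tag[1].matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)]
    .map(m => m[1].toLowerCase());
}

// Constructed sample: a quote inside the link text, followed by a handler.
const sample = 'look http://example.test/a"onmouseover="alert(1)"/ here';

console.log(anchorAttributes(linkifyNaive(sample))); // handler becomes an attribute
console.log(anchorAttributes(linkifySafe(sample)));  // only href and rel remain
```

Running the attribute check over rendered output in a regression test catches the weak form before it ships, since any attribute other than the ones the renderer writes itself means input escaped its context.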
TweetDeck reminds users that this exploit doesn't affect third-party clients. Unless you're using twitter.com, you should be totally safe.
At this point, probably 70% of the users I question about how they got an infection are telling me that they were fine until they clicked something from a friend on Facebook or Twitter. I'm starting to think those two sites are going to play cat-and-mouse with Adobe Reader and the Flash Player plug-in for the "who can cause the most malware infections" crown.
Update: Twitter responded in a hurry, and the exploit has already been patched.