Twitter said that it had fixed the flaw several hours after it was first hatched by Norwegian programmer Magnus Holm, who announced his achievement in a tweet.Later, he told the BBC that other malicious hackers had piggy-backed on his exploit to launch the disruptive programmes.
"I simply wanted to exploit the hole without doing any 'real' harm," he told BBC News.
He said others soon copied his code using "other nasty or smart tricks," including links to porn sites. "It was only a matter of time before more serious worms started," he said.
A Twitter user named Matsta, who appears to have been responsible for the most disruptive exploits, had his Twitter account suspended.
One of the worm's first victims was Sarah Brown, wife of former British prime minister Gordon Brown. Early Tuesday, her 1.1 million followers were sent a message with a link to a Japanese pornography site.
"Don't touch the earlier tweet - this twitter feed has something very odd going on! Sarah," she tweeted afterward.
In Washington, White House Press Secretary Robert Gibbs fell victim to the flaw.
"My Twitter went haywire," he tweeted. "Absolutely no clue why it sent that message or even what it is. ... Paging the tech guys."
The attackers used a flaw in the programming language, Javascript. The rogue messages contained the code "onmouseover", which directs users to the new site when the cursor is moved over the link. The flaw only worked on Twitter's older website, rather than the new version introduced last week in the US. Twitter has more than 160 million users worldwide.
