This is only affecting the actual Twitter web site (which has the highest number of Twitter users), not third party apps like Tweetdeck, Seesmic, etc.
As Security experts Sophos put it:
The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link. Thousands of Twitter accounts have posted messages exploiting the flaw. Victims include Sarah Brown, wife of the former British Prime Minister. It appears that in Sarah Brown’s case her Twitter page has been messed with in an attempt to redirect visitors to a hardcore porn site based in Japan. That’s obviously bad news for her followers – over one million of them. To Mrs Brown’s credit, she has posted a warning on her Twitter page: “don’t touch the earlier tweet – this twitter feed has something very odd going on ! Sarah”… Some users are also exploiting the loophole to create tweets that contain blocks of colour (known as “rainbow tweets”). Because these messages can hide their true content they might prove hard for some users to resist clicking on them.
This is a developing story, stay tuned for updates.
UPDATE 1: The hack may have originated with the account RainbowTwtr (best not go there just in case) which, when you moused over the tweet, would produce a rainbow. That probably lead others to realise the exploit could be used for other purposes.
UPDATE 2: As we said, third party apps using the Twitter API won’t re-produce the mouseover exploit, so they are safest right now. It also appears that users of the New Twitter interface (mostly in North America) do not have the same problem.
UPDATE 4: A commenter points out a quick fix below: “Go to mobile.twitter.com and sign in. Then go to mobile.twitter.com and delete the forced retweet. Do this quick so that others don’t get effected. ALSO, don’t forget to change your password just in case.”
UPDATE 4: We’ve now heard the Mobile site may be affected as well. Best avoided.
FINAL UPDATE: Twitter says it is now on the case and fixing the issue.