Don't Click The WTF Link On Twitter Unless You DO Like Sex With Goats
As commenter Andrew Nacin points out, the bug is called a cross-site request forgery. Web programming security 101. It should only affect twitter.com, as it relies on an iframe of twitter.com and a little JavaScript to post the tweet form (twice). It seems that if you click this link “http://pastehtml.com/view/1b7xk3b.html”, and you are signed into Twitter, it will autotweet two Tweets with the sex with goats bit and the WTF link.
UPDATE: Twitter just posted this message on their Status blog, stating “A malicious link is making the rounds that will post a tweet to your account when clicked on. Twitter has disabled the link, and is currently resolving the issue.”
UPDATE 2: Twitter has fixed the exploit and are removing the “offending Tweets.”