Twitter stopped a clickjacking attack on Thursday that quickly spread because it took advantage of social engineering and peoples' natural curiosity.
Tweets began appearing that said "Don't Click" followed by a link. Naturally, people clicked. When they did so, a tweet was sent from their account with the same "Don't Click" message and link.
"We patched the "don't click" clickjacking attack 10 minutes ago. Problem should be gone," John Adams, aka Netik, an operations engineer at Twitter, tweeted around 11 a.m. PST.
The clickjacking appeared to be harmless and just propagated itself, according to a post on the Sunlight Labs blog.