Okay, I saw this a couple of days ago now, and well, to say that it’s interesting is a bit of an understatement to be honest.

Full entry can be found in the Full-Disclosure archives:

From: Mikeyy Mooney iammikeyy_at_gmail.com>
Date: Thu, 16 Apr 2009 21:26:52 -0500

Last night, Twitter was in a state in panic over a �worm� that had
exploited the site. Unlike previous bugs which required you click a
link of some sort, users could be affected by simply visiting someone
else�s profile.
……
�I am the person who coded the XSS which then acted as a worm when it
auto updated a users profile and status, which then infected other
users who viewed their profile. I did this out of boredom, to be
honest……