According to Mashable.com, a new worm and phishing scam is spreading on Twitter. The message could come from the hacked accounts of "friends you trust" with a short message ("rofl this you on here?") and a URL leading to a replicated Twitter login page, asking for your account info. If you enter your username and password on this page, you will be infected, and your account will be used to pass on the worm.
Mashable offers the following instructions if you're hit:
If you're one of the unlucky ones to be fooled by this worm, make sure you change your password. Also delete any tweets or DMs that have the link. If you can't log into your account, reset the password and contact Twitter Support.
This is not the first worm or phishing scheme to make its way around the Twitterverse. Last January a similar phishing attack was causing trouble -- a direct message would be sent to your account with the teaser "hey! check out this funny blog about you..." and a link. As Mashable put it: "We advise you don't."
In general, the best way to protect yourself is: if you are ever asked to re-login to Twitter after clicking on a link, do not do it.
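The replicated login page only works if nobody checks which host is asking for the password. The following Python example is an addition to this article, not code from Mashable or Twitter. It accepts a login URL only when it is HTTPS and its host is twitter.com or a subdomain of it. The trusted-domain list and all sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as genuine Twitter.
TRUSTED_DOMAINS = ("twitter.com",)


def is_trusted_login_url(url: str) -> bool:
    """True only for an HTTPS URL whose host is a trusted domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        # .hostname is lowercased and excludes any "user@" prefix and ":port" suffix,
        # so "https://twitter.com@other.example/" resolves to other.example.
        host = parts.hostname
    except ValueError:  # malformed URL, e.g. broken IPv6 brackets
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")  # a fully qualified name may end with a dot
    # Compare on a label boundary: a plain substring or suffix test would accept
    # "nottwitter.com" and "twitter.com.login-check.example".
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def untrusted_urls(urls):
    """Return the URLs that should not be given Twitter credentials."""
    return [u for u in urls if not is_trusted_login_url(u)]


# Constructed sample URLs; the .example hosts are placeholders, not real sites.
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session/new",
    "https://TWITTER.com./login",
    "http://twitter.com/login",                       # not HTTPS
    "https://twitter.com.login-check.example/login",  # trusted name used as a prefix
    "https://twitter.com@login-check.example/",       # trusted name in the userinfo part
    "https://nottwitter.com/login",                   # suffix match without a label boundary
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "ok" if is_trusted_login_url(url) else "DO NOT LOG IN"
        print(f"{verdict:14} {url}")
```
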