As I reported, my Twitter account became infected with the Mikeyy worm earlier today. It's so new that, unusually, Wikipedia does not yet have an entry for it. So, what can I learn from the experience of having a compromised computer for the first time in nearly 30 years of computing?
The first thing is that you do not have to be doing anything stupid to get infected. In my case, I was simply checking out a new follower on Twitter, since I always check these out so I can block those that are obviously spam accounts. But simply viewing the infected profile was enough to infect mine, and that of anyone else who had the misfortune to visit it (sorry - if you want to know how to remove it, see this post). This is clearly a big problem for Twitter, since looking at profiles is pretty central to the way it works.
Finally, my experience shows that it may be worthwhile using a dedicated client for services so as to avoid generic browser weaknesses. I've been using the AIR-based Tweetdeck for a while, and found it quite good, memory use aside. The problem, of course, is that neither is open source. That, at least, is something that can be solved. Clever attacks like those of Mikeyy are going to be rather harder to sort out, so all of us – especially me in view of today's events – need to be on our guard.
Update: A further thought. I've always hated URL shorteners, ever since I first came across TinyURL. That's a bit of a problem for Twitter, which depends on them for embedded URLs. It's also a big danger given the attack described above, since such a compressed URL could easily take you to an infected page, and there's no way of knowing beforehand.
That's why I've now installed another Firefox add-on (where would we be without them?), bit.ly preview. The great thing about this is that it not only works with the bit.ly URL shortening service, but with most others too. When you hover over one of them, it shows what link it refers to. It also tells you how many times that shortener has been clicked on in the case of bit.ly. It adds at least a modicum of extra security; so far, I'm impressed.