Twitter has been given the all clear after a worm infected "tens of thousands of users". But experts say the attack could have been much worse.

Twitter在经历“成千上万用户”感染之后解除警报，但是专家称攻击本应该更糟糕。

Over the weekend, a self-replicating（复制，折叠） computer program, or worm, began to infect profiles on the social network.

The worm was set up to promote a Twitter rival site, showing unwanted messages on infected user accounts.

Michael Mooney, a 17-year-old US student, told the Associated Press he created the worm to promote his site.

Mooney, who lives in Brooklyn, New York, said he wanted to expose vulnerabilities（弱点，漏洞） in Twitter. He told AP: "I really didn't think it was going to get that much attention, but then I started to see all these stories about it and thought, 'Oh, my God'."

The worm worked by encouraging users to click on a link to the rival Twitter site, called StalkDaily.com.

Once the link was clicked, infected users themselves automatically began to send out messages to friends, promoting the site.

No personal or sensitive information, such as passwords, was compromised（泄露） in the attacks, according to Twitter, which has more than seven million users.

Mikko H Hypponen, chief research officer at security specialists F-Secure, told BBC News the attack could have been much worse.

"All the problems stayed on Twitter. Even if you were infected, nothing happened to your computer.

"It would have been simple to integrate（整合） a web browser¹ exploit（开发，利用） into this so that you could have done anything you wanted to the infected computer, including recording² all keyboard strokes and capturing credit card details."

Mr Hypponen said he was surprised that the vulnerability had been present in Twitter.

"It was a very basic vulnerability. Similar holes were found in other web social services, such as MySpace and Facebook, quite a while ago.

"I guess Twitter has learned its lesson."

'On alert'

In a blog posting on Monday, Twitter co-founder Biz Stone said: "We are still reviewing all the details, cleaning up, and we remain on alert."

In all, there were four waves of attacks on Twitter.

The website said it had deleted almost 10,000 tweets, or messages, that could have continued to spread the worm.

Mr Hypponen said F-Secure had monitored at least one variant³ of the worm attack, using a link in a message that pledged（保证，誓言） to clear up the problem. It had been clicked on at least 18,000 times.

"We would estimate（估计） that tens of thousands of users were infected."

He added: "The root cause for these problems is that social networks are interactions（相互作用，相互影响） with other people and we inherently（天性地，固有地） trust the messages from people we know in real life or virtually.

"So when you get a message from someone on Twitter you trust it because in real life fake messages like this rarely happen."

Twitter has promised to conduct a "full review of the weekend activities".