Shortly before 10 a.m. (1400 GMT), Twitter said on its "safety" feed on the site that the attack had been shut down. It also said it does not believe that any user information was compromised.
The hack had been extra nefarious because the tweets activated without being clicked on - it was enough for Web surfers to move their mouse cursors over them. But it only affected visitors to Twitter.com. Various third-party programs used to send and read tweets, such as Tweetdeck, were unaffected.
The popups could, though didn't necessarily, contain malicious code that could take over poorly protected computers. The White House's official Twitter feed - followed by 1.8 million users - was among those affected, though the offending message was quickly taken down.
Fittingly for Twitter, which limits messages to just 140 characters, the virus may have been among the shortest on record. According to security software maker F-Secure Corp., the shortest virus so far was just 22 characters long.
Security breaches had been common in Twitter's early days, but the company has since worked to beef up its security and the problems have become less common. Tuesday's hack coincided with Twitter's ongoing rollout of a redesign of its website, which tries to streamline users' Twitter feeds and make it easier to see photos and videos directly on the site, without having to click on a link to YouTube or Flickr.
Twitter representatives did not return an e-mail seeking comment Tuesday morning.