The direct messages contain text such as 'this you?' or 'hey, i've been having better sex and longer with this here', along with web links.
The links lead to sites designed to hijack even more Twitter accounts, or distribute malware designed to steal login and password details for online accounts.
Twitter said that receiving the message does not mean your account has been compromised.
However, it urged users who had clicked the links in these messages to change their password.
"If you've received this type of spam from a friend, you may want to alert them to change their password," the micro-blogging site added in a blog.
It's the kind of thing that will persist on social networking services, said Graham Cluley, senior technology consultant at security company Sophos.
"The fact is that social networking accounts have a financial value," he said. "They can be used as a springboard for sending out more spam, malware or selling things."
While those sites often filter messages and links, social networking sites are only just beginning to do so.
Bit.ly, one of the most popular URL shortening services, recently started working with Sophos to scan links, said Cluley, but some others are yet to offer such a service.
"Ultimately it's you, the human, that needs to do [the filtering]," Cluley said.
"It's up to you to decide to enter your username and password. Fixing that bug in people's brains is an upgrade we are not capable of."
Meanwhile, security firm F-Secure said the problem may have something to do with some of the recent search engine deals that have been made.
"Yahoo announced that they'll begin to include Twitter's real-time feed into their search results and Facebook is now included in Google's search results. The bad guys can use social networking trust to enhance their SEO [search engine optimisation] attacks," F-Secure said in a blog.
Twitter advised web users to follow its Twitter safety account for more information about protecting their account.