There’s another worm that’s making its way around Twitter today. This two-day attack is pretty long-running in the face of dozens of attacks that last only a few hours. It has taken over certain goo.gl links, and we’ll tell you how to avoid it below.

Thinq reported the worm yesterday, and it is still being spread through hijacked Twitter accounts today.

Thinq was alerted to the worm by a number of Twitter users who reported their accounts were sending out tweets without their knowledge. These tweets included a variety of messages, often about Google, and a goo.gl URL shortened link.

Take a look at some current examples of the worm in action below:

The worm being spread is attached to any link with the ending: m28sx.html. To avoid landing on a malicious page, never click on a link – even from someone you trust – without using Twitter’s link preview. You can do this by hovering your mouse over the shortened goo.gl link. If the link ends with m28sx.html or it directs you to a website you do not know or trust, do not click on the link.

The link itself leads to malware which attempts to “scan” your computer for suspicious files, eventually requiring you to purchase a fake program in order to get rid of malware that the scan finds.