The hook with the fresh worm on it could be a page that looks just like the GMail login screen, or Facebook, or Twitter or your bank's website.
When you see the page, you just assume you've been logged out. You re-enter your login credentials and get tabnabbed.
The fix for this type of attack, Raskin said, is the web browser taking a more active role in protecting the user. This is the type of security problem the Firefox Account Manager is designed to solve.
"User names and passwords are not a secure method of doing authentication; it's time for the browser to take a more active role in being your smart user agent; one that knows who you are and keeps your identity, information, and credentials safe," Raskin said.