Why live filtering won't work
To be fair to Twitter, live filtering does not solve the problem - they need a system that can filter retrospectively.
Most modern malware can spread very quickly, often way before AV and URL-filtering companies have a chance to react. In other words, live filtering of Twitter posts will not work for a new, fast-spreading malware pandemic.
That said, it seems the best solution would be to combine live filtering (for known malware sources) with retrospective filtering (for malware sources *recently* identified).
On both counts, Twitter currently fails. Lack of live filtering creates too large a threat window for known malware, and a slow retrospective scan merely compounds the problem. Added to that, one or more levels of indirection (TinyURL and their ilk) can be automated and compounds the issue. This could be 'solved' by implementing a Twitter-managed URL linking system, but this could also present user acceptance, scalability and further redirection issues.
Not an easy one to solve, but you can't be seen to be ignoring the problem either.