Ask Marian

 I had this spam message get posted by my twitter account, and when I reported it, they suspended me!!! .  I don't think it is the result of any sort of spyware/trojan/virus, because I mainly use twitter via SMS, and the only time I do log onto the twitter.com website it is from my secure laptop running linux.

 It definitely seems like a hack or vulnerability on twitter's website to me, I have found dozens of (what seem like) legitimate accounts posting this spam message. 

also watch out for "http:// e a r n i n g -p r o f i t 3 .c o m"  (added spaces to prevent accidental clicks).  It is the exact same website, and some "hacked"(?) twitter accounts are posting messages with that link too. 

watch this search on twitter for people talking about it: 

http://twitter.com/#search?q=google-wizard

My Twitter account was hacked by the Go0gle-Wizard hack yesterday at around 2:44pm ET. (I have since changed my password for Twitter and just about everything else I could think of.)  Just FYI, I had never heard of, visited or logged into TwitViewer (I know they were stealing u&p and Twitter made an official warning about them). I don't know how it happened. 

What sort of info would be useful in moving forward to security experts such as yourself? Here's some info you might find relevant:

My Twitter account had links/connections to just two applications: FourSquare (an iPhone app) and SawHorse Media (a website)--both are apps/sites runs by trusted friends so I doubt the exploit came from there but I thought I'd throw that out there just in case many other users reported similar. Also, for my Twitter client 99% of the time I run Tweetie (v.1.2.2 currently) on my OS X machine and my iPhone. I log into Twitter.com about once every two weeks. About four months back I used TweetDeck for a while.

I keep my computer up to date and protected. My Twitter password was relatively weak but not stupidly weak (my mistake) but then again, I've been on the internet using similar sorts of password since 1990 and this was the first hack/compromise I've ever experienced. The original password was eight letters but nothing stupidly obvious. It's now 128-bit :-)

I am guessing they got a big u&p list from somewhere, but where? I wonder if the place they got them from originally got them from somewhere else? I really want some answers here.

You can contact the real me on twitter {at} tomloverro 

@tomloverro  ... I was using foursquare also.

The only two things I had my account linked to were FourSquare and  TwitterBar (the latter stores my password locally on my secure laptop).  

Hi all,

Thanks for sharing your experience with this. What I found from our internal Threat team is more to do with the destination site than how your Twitter account was hacked. I know a few more people to talk to who were at the Las Vegas Black Hat conference so I might get more on this after the weekend. Anyway, here's what we know about the destination site:

The site is just a front for news 7 dot org/...google-masters. , which is a blog site with a link to mysearch cashonline dot com.  . This is one of those ‘Work from Home’ + ‘Online Marketing’ plans. 

Hello, Marian,

Just wondering why you've included the Suspicious Web Link in the Article.