Second Life Hit By Massive In-Game Worm

An anonymous reader writes, "At 2:46 CST today, the game Second Life was hit by a massive attack by a rogue programmer. Spinning gold rings began to appear in the air and on the ground, and as users interacted with them they began to chase and replicate. Apparently, most people are willing to touch an object they've never seen before and this invoked a worm script that was designed to multiply and spread across the 2,700+ servers run by Linden Labs in California, the game's owner. Many of the six hundred thousand active users experienced serious lag and lost connectivity to the servers, making it one of the largest known denial-of-service attacks in an online game. Linden Labs had to invoke martial law and lock out all logins by users except their staff as they began the task of cleaning the servers of what they began to term 'the grey goo.'" Comments in the SL blog entry indicate that Linden Labs had already deployed a "grey goo fence" before this worm struck, but someone found a hole in it.

Neat!

[the_humeister (922869)]

Now what they need is some sort of illness that affects characters temporarily, just like real life! Imagine, your character gets a cold and slows down and sneezes every once in a while. Or hey, you go kiss another character (if that's possible) and your character gets infected with herpes! Wouldn't that be fun? Oh wait - that was me last weekend. Damn.

Re:Someone please explain

[GuruBuckaroo (833982)]

Calling it a 'worm' is kind of a stretch. It does not affect your local computer, it affects the view of the world in your local client. It doesn't run code on your computer, it just adds extra "in-game" items that automatically duplicate themselves and clog the Tubes.

Re:Someone please explain

[by Anonymous Coward]

Huh? By definition a worm is a self replicating program or algorithm that causes harm, even if only by using bandwidth, network, or computer resources.

That is exactly what this worm did.

Re:Someone please explain

[TekPolitik (147802)]

How does this work in these games that someone is ever allowed to inject a code that can run on someone elses session?

Second Life users are able to create objects using a fairly complete scripting language. The scripts run on the servers, and an object can create more objects when somebody interacts with it. It "runs" in other peoples' sessions not because it's running on their system but because they're all viewing the same MMORPG environment.

And to preempt your inevitable comment, yes, it is very lame. I can't believe people are paying ongoing fees (in US dollars) to hold land in this thing.

Re:Someone please explain

[DarkAxi0m (928088)]

every object you create in SL can have scripts http://en.wikipedia.org/wiki/Linden_Scripting_Lang uage [wikipedia.org] added to them, that fire on different events, ie touch, never ending loops or the right click menu etc.
some of the commands let you create/spawn (i cant think of the word they use) other objects, like rain, or stars that follow you as you fly around. These objects in turn can have there own scripts too.
i don't know my self how they normally stop never ending loops of created objects other than them asking people nicely not to do it.
Some people have asked to able to disable the scripts but this, i think would have a to greater effects as every thing, doors, cars, lifts, dance club lights etc use the scripts.

i don't mind it, as long a people remember that its really just a glorified chat program with scripts, ie irc with a gui /fish

Re:Someone please explain

[Kadin2048 (468275)]

i don't mind it, as long a people remember that its really just a glorified chat program with scripts, ie irc with a gui /fish

In that same vein, I would mind this WWW thing a lot less, if people remember that it's really just a glorified Gopher program with scripts...

Ha

[8daze (1029526)]

Proof that all it takes to kill the Internet is something shiny.

Re:Ha

[G-funk (22712)]

Linden labs have released Images of the suspected mastermind [arstechnica.com]. If sighted, do not approach the suspect, and inform police!

Not just misleading, but factually inaccurate too!

[GuruBuckaroo (833982)]

First off, there were only about 14,000 people on the system at the time, not 600,000 as indicated in the summary. Second, while they did lock out new logins, it should be pointed out that any user who was currently online was not kicked off - and the period of "martial law" lasted about 20 minutes.

Of course, if there were 600,000 users on at the same time, the "game" would be unplayable - it's tough enough when it gets over about 10,000 right now.

Re:Not just misleading, but factually inaccurate t

[vtechpilot (468543)]

With 2700+ servers they have a hard time handling more than 10k users? Less than 4 users per server is tough enough?

The problem is that the world is Zone Based, meaning each server is responsible for a equal size geographic portion of the world. The result is that processing power is spread evenly over the whole world. The problem is that people like to congregate causing some geographic areas to have more players, and other servers to have none. Where you have more players, you have more work for the server causing everything on that server to slow down. So the result is that the places players most want to be are also the places with the greatest lag. The unfortunate result is that many players have a negative experience right away.

Really, the whole server architecture needs to be reworked to behave more like a proper cluster, but that is too large of a change to ever consider implementing without starting over from scratch.

Bad soap opera...

[creimer (824291)]

Second Life as the worm turns.

And it was just getting good

[jibjibjib (889679)]

A few weeks ago I was hearing things about SL like that corporations were holding press conferences there, businesses were running there and making good profits, and its economy was worth millions of dollars. I thought SL was just beginning to become important, and show the world that a virtual economy was a viable idea.

Now we have CopyBot and grey goo and it seems like SL is just another dodgy online game after all.

Re:And it was just getting good

[Jeremi (14640)]

Now we have CopyBot and grey goo and it seems like SL is just another dodgy online game after all

Wow, given the same evidence, I drew exactly the opposite conclusion. A simple "dodgy online game" wouldn't give its players enough control over their world to allow this sort of shennanigans to happen. Things like viruses can only occur when people are given access to a Turing-complete programming language and allowed to do what they like with it... which is what SL does, and why it's not "just a game", but rather a platform. Granted, it may be an infant platform, still buggy and insecure, and not necessarily useful for very much yet, but then you could say the same thing about the Internet itself a few years ago.

What?

[JimXugle (921609)]

What? No Screenshot from anybody?

Second Life slowed down?

[Ididerus (898803)]

Wow, so now they're blaming it on a "worm"... ok. SL is like watching an MMO flipbook, the packet-loss is phenomenal while they continue to supposedly attract corporations and live-weather map projects, host in-game advertising and I'm sure making money off people somehow with Linden cash transfers. Buy some freaking servers, or get rid of the 2,700 solar-powered calculators currently running the thing.

Getting close to "Snow Crash" here

[Animats (122034)]

This reads like something from Neal Stephenson's "Snow Crash".

I never thought we'd get real systems vulnerable to attacks with 3D visual components as an integral part of the attack. This is much closer to SF than expected.

Is there a video?

Second Life = Snow Crash

[patio11 (857072)]

Take one look at some of the screenshots from that game and *boom* say byebye to your cerebral cortex. Think of the ugliest possible art stretched into three dimensions doing things that would make Japanese tentacle monsters say "Hey, that just ain't right".

Time for some Black Ice

[Infonaut (96956)]

Wow, talk about reality imitating art. Or, art imitating art. Or technology imitating art. Or the virtual imitating the virtual.

Annnyway, this sure brings me back a few years. The first time I read Neuromancer [wikipedia.org], I thought, "Damn, what would it be like to live in a world where interacting with computers is so visceral?" We haven't developed networked, immersive 3d environments, but we've sure come a long way from the days when just getting on the Internet from home was a major accomplishment.

I'd say this attack is proof that no matter how creative and interesting and fun an environment you create, there's always going to be someone out there who will put a lot of time and effort into pissing in it. I'm sure the creator of the worm has some sort of wonderful rationalization, of course. I wonder, is it worse to attack networks in the name of profit (or patriotism), or to do so just because you can?

Like a snake around the brainstem

[Fallorn (784422)]

Hey Kid, Want to try some Snow Crash?

Well, look on the bright side...

[freeze128 (544774)]

It looks like the admins now have a "second job"....

This sounds like a job for...

[PrismaticBooger (103265)]

Sonic the Hedgehog!

Re:Ha ha

[Arkaaito (951305)]

Yeah, pointless acts of mass malice have come to Second Life. Now it really IS just like the real world.

Re:Second Life needs a new name

[Jeremi (14640)]

Second Life needs to be renamed to give its users a much needed message - namely, Get A Life

I submit that anybody who posts to Slashdot about the other people's need to "get a life" should spontaneously explode from sheer force of concentrated hypocrisy.

Re:Who dun it?

[Mongoose (8480)]

Sonic and Tails!

- Shadow

Re:Screenshots?

[Erazmus (145656)]

I found a screenshot over at Snapzilla [sluniverse.com].