Second Life Hit By Massive In-Game Worm

An anonymous reader writes, "At 2:46 CST today, the game Second Life was hit by a massive attack by a rogue programmer. Spinning gold rings began to appear in the air and on the ground, and as users interacted with them they began to chase and replicate. Apparently, most people are willing to touch an object they've never seen before and this invoked a worm script that was designed to multiply and spread across the 2,700+ servers run by Linden Labs in California, the game's owner. Many of the six hundred thousand active users experienced serious lag and lost connectivity to the servers, making it one of the largest known denial-of-service attacks in an online game. Linden Labs had to invoke martial law and lock out all logins by users except their staff as they began the task of cleaning the servers of what they began to term 'the grey goo.'" Comments in the SL blog entry indicate that Linden Labs had already deployed a "grey goo fence" before this worm struck, but someone found a hole in it.

Ha ha

[Anonymous Coward]

Man, that's kinda funny.

Re:Ha ha

[Arkaaito]

Yeah, pointless acts of mass malice have come to Second Life. Now it really IS just like the real world.

Nice Hack

[Anonymous Coward]

Nice hack. Kudos to whomever pulled it off. The videogame generation is in danger of becoming a legion of conformist, rule-following lab mice, conditioned to obey and consume, differentiated only by which Big Media corporation they swear allegiance to. It's good to see someone somewhere is sowing discord. Eris would be pleased, but then who gives a fuck what she thinks ;P

Re:And it was just getting good

[Jeremi]

Now we have CopyBot and grey goo and it seems like SL is just another dodgy online game after all

Wow, given the same evidence, I drew exactly the opposite conclusion. A simple "dodgy online game" wouldn't give its players enough control over their world to allow this sort of shennanigans to happen. Things like viruses can only occur when people are given access to a Turing-complete programming language and allowed to do what they like with it... which is what SL does, and why it's not "just a game", but rather a platform. Granted, it may be an infant platform, still buggy and insecure, and not necessarily useful for very much yet, but then you could say the same thing about the Internet itself a few years ago.

Re:And it was just getting good

[From A Far Away Land]

Excuse me, but how could an "online economy" ever be viable? It doesn't produce anything, and consumes energy.

Don't get too excited

[cgenman]

In snow crash, the visual component was being used to transmit information and reprogram computing machines, in that case the brain. It was an impressive leap of insight into interfaces and the nature of computing machines, not too different than the buffer overflows we've been plagued with since.

In the second life case, the visual component exists because pretty much everything in second life is required to have a visual component of some sort. In this case, the visual component of a ring existed soley as an icon would in an outlook express virus... "click here to infect your system!" And people did. The ring icon is not integral to the attack in any way other than as hot tennis players have been integral to attacks in the past.

Not to burst your bubble, but it isn't exactly a technological marvel.

Re:And it was just getting good

[Anonymous Coward]

It's a real-world entertainment service. People get entertainment value out of it, and are willing to spend real-world bucks to get it.

Re:Time for some Black Ice

[HiThere]

It's worse to attack for money or patriotism.

The reason is that the graffito "artists" serve a useful function, they alert you to holes in you work, and they don't generally do much damage. (Not compared to the others.)

Think about it, which is worse:
1) a virus that crashes your system
2) a virus that doesn't crash your system, but corrupts the payroll files

I think you'll agree that 2 is MUCH worse than 1.

Re:Not just misleading, but factually inaccurate t

[arth1]

Of course, if there were 600,000 users on at the same time, the "game" would be unplayable - it's tough enough when it gets over about 10,000 right now.

With 2700+ servers they have a hard time handling more than 10k users? Less than 4 users per server is tough enough? Um, I think there's Opportunities here.

--
*Art

PR Stunt?

[replicant108]

The Second Life marketing department have been very active recently.

This story smells funny.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Well, big deal

[vadim_t]

The first time I saw something like that happen it was really bad. Performance was very badly affected, and the objects would launch people into the air, so the only thing that could be done was sitting (you can't be pushed if you're sitting) and talking until they fixed it. And after a while the whole grid had to be brought down for hours.

Now all that happens is that things slow down for a while, they close logins for a few minutes, and soon everything is back to normality. Some areas aren't even very noticeably affected, because object creation is disabled, so the stuff doesn't get to run on those sims in the first place. The only effect felt there is the degradation of the central servers.

While it's certainly annoying, it's not nearly the problem it used to be.

Re:Someone please explain

[somersault]

No, it sounded like interacting with the rings is what triggered the script. I've never played Second Life, though I have seen my bro use it, and I've read about it in the past. Having everything residing on the client would kind of miss the point of having a centralised server in the first place, so I don't see why there couldn't be rings floating around, and then when a user touches them it starts up whatever code has been attached to the touch function of the ring. *shrug* Does sound pretty funny to me anyway :) I think (not that I RTFA) the lag was caused for everyone, not just the players that touched the rings, so it was the servers having problems coping with the exponentially growing amount of objects, rather than just people not having enough bandwidth.

No publicity is bad...

[punkr0x]

I've been seeing an awful lot of stories about second life lately. First it was businesses opening virtual stores, then the copybot and now this. Is it all coincidence, or has Linden Labs been pushing their marketing campaign into high gear?

Re:Ha ha

[stunt_penguin]

Spinning rings would be funny, an actual giant sandworm [wikimedia.org] in Second Life would have been much more satisfying [angelfire.com]. No way would anyone want to go over and touch that.

Re:Someone please explain

[Baavgai]

Yep, that's about it.

The scripting implemented in SL via LUA is, at it's heart, event oriented. When an object is created, there is an intentional lag. Functionally, an object cannot "easily" hurt the system with an infinite loop. There is a stack for each object process that's rather small and when that blows, you're done.

Objects can instantiate new objects ad infinitum, if they try hard enough. The object itself isn't doing anything bad, just existing. But each object is overhead so, eventually, boom.

I'm assuming there are other restrictions on automated cloning behavior, which is why this thing used avatar interactions to propagate. Avatars become like hosts for the virus; it's a pretty good work around.

Second Life has the same security conundrum as Microsoft. The more powerful tools you offer, the more ability you have for those tools to be used against you. SL allows any peon to script their world. Users creating content is what makes the environment intriguing. That very functionality also offers opportunities for abuse.

Re:Second Life needs a new name

[osu-neko]

"Real life" is just nucleons and electrons flying around one another according to a few simple laws.

The only reason anything is important is because we choose to attach importance to it. Whether it's a group of protons and electrons or ones and zeroes makes no real difference. If you think otherwise, you have a rather fantastical view of what's "real". (Your error is not in thinking that those ones and zeroes aren't "real" in the sense you mean it, but that you think anything else larger than a subatomic particle is. You're promoting one abstraction as being less abstract than the other, when in fact it's not -- it's every bit as much an invented construct in your mind, occuring no place in "reality" outside your mind.)