Second Life Hit By Massive In-Game Worm 249
An anonymous reader writes, "At 2:46 CST today, the game Second Life was hit by a massive attack by a rogue programmer. Spinning gold rings began to appear in the air and on the ground, and as users interacted with them they began to chase and replicate. Apparently, most people are willing to touch an object they've never seen before and this invoked a worm script that was designed to multiply and spread across the 2,700+ servers run by Linden Labs in California, the game's owner. Many of the six hundred thousand active users experienced serious lag and lost connectivity to the servers, making it one of the largest known denial-of-service attacks in an online game. Linden Labs had to invoke martial law and lock out all logins by users except their staff as they began the task of cleaning the servers of what they began to term 'the grey goo.'" Comments in the SL blog entry indicate that Linden Labs had already deployed a "grey goo fence" before this worm struck, but someone found a hole in it.
Ha ha (Score:0, Insightful)
Re:Ha ha (Score:5, Insightful)
Nice Hack (Score:4, Insightful)
Re:And it was just getting good (Score:5, Insightful)
Wow, given the same evidence, I drew exactly the opposite conclusion. A simple "dodgy online game" wouldn't give its players enough control over their world to allow this sort of shennanigans to happen. Things like viruses can only occur when people are given access to a Turing-complete programming language and allowed to do what they like with it... which is what SL does, and why it's not "just a game", but rather a platform. Granted, it may be an infant platform, still buggy and insecure, and not necessarily useful for very much yet, but then you could say the same thing about the Internet itself a few years ago.
Re:And it was just getting good (Score:3, Insightful)
Don't get too excited (Score:3, Insightful)
In the second life case, the visual component exists because pretty much everything in second life is required to have a visual component of some sort. In this case, the visual component of a ring existed soley as an icon would in an outlook express virus... "click here to infect your system!" And people did. The ring icon is not integral to the attack in any way other than as hot tennis players have been integral to attacks in the past.
Not to burst your bubble, but it isn't exactly a technological marvel.
Re:And it was just getting good (Score:2, Insightful)
Re:Time for some Black Ice (Score:3, Insightful)
The reason is that the graffito "artists" serve a useful function, they alert you to holes in you work, and they don't generally do much damage. (Not compared to the others.)
Think about it, which is worse:
1) a virus that crashes your system
2) a virus that doesn't crash your system, but corrupts the payroll files
I think you'll agree that 2 is MUCH worse than 1.
Re:Not just misleading, but factually inaccurate t (Score:4, Insightful)
With 2700+ servers they have a hard time handling more than 10k users? Less than 4 users per server is tough enough? Um, I think there's Opportunities here.
--
*Art
PR Stunt? (Score:3, Insightful)
This story smells funny.
Comment removed (Score:2, Insightful)
Well, big deal (Score:4, Insightful)
Now all that happens is that things slow down for a while, they close logins for a few minutes, and soon everything is back to normality. Some areas aren't even very noticeably affected, because object creation is disabled, so the stuff doesn't get to run on those sims in the first place. The only effect felt there is the degradation of the central servers.
While it's certainly annoying, it's not nearly the problem it used to be.
Re:Someone please explain (Score:3, Insightful)
No publicity is bad... (Score:2, Insightful)
Re:Ha ha (Score:3, Insightful)
Re:Someone please explain (Score:3, Insightful)
The scripting implemented in SL via LUA is, at it's heart, event oriented. When an object is created, there is an intentional lag. Functionally, an object cannot "easily" hurt the system with an infinite loop. There is a stack for each object process that's rather small and when that blows, you're done.
Objects can instantiate new objects ad infinitum, if they try hard enough. The object itself isn't doing anything bad, just existing. But each object is overhead so, eventually, boom.
I'm assuming there are other restrictions on automated cloning behavior, which is why this thing used avatar interactions to propagate. Avatars become like hosts for the virus; it's a pretty good work around.
Second Life has the same security conundrum as Microsoft. The more powerful tools you offer, the more ability you have for those tools to be used against you. SL allows any peon to script their world. Users creating content is what makes the environment intriguing. That very functionality also offers opportunities for abuse.
Re:Second Life needs a new name (Score:2, Insightful)
"Real life" is just nucleons and electrons flying around one another according to a few simple laws.
The only reason anything is important is because we choose to attach importance to it. Whether it's a group of protons and electrons or ones and zeroes makes no real difference. If you think otherwise, you have a rather fantastical view of what's "real". (Your error is not in thinking that those ones and zeroes aren't "real" in the sense you mean it, but that you think anything else larger than a subatomic particle is. You're promoting one abstraction as being less abstract than the other, when in fact it's not -- it's every bit as much an invented construct in your mind, occuring no place in "reality" outside your mind.)