Second Life Hit By Massive In-Game Worm

An anonymous reader writes, "At 2:46 CST today, the game Second Life was hit by a massive attack by a rogue programmer. Spinning gold rings began to appear in the air and on the ground, and as users interacted with them they began to chase and replicate. Apparently, most people are willing to touch an object they've never seen before and this invoked a worm script that was designed to multiply and spread across the 2,700+ servers run by Linden Labs in California, the game's owner. Many of the six hundred thousand active users experienced serious lag and lost connectivity to the servers, making it one of the largest known denial-of-service attacks in an online game. Linden Labs had to invoke martial law and lock out all logins by users except their staff as they began the task of cleaning the servers of what they began to term 'the grey goo.'" Comments in the SL blog entry indicate that Linden Labs had already deployed a "grey goo fence" before this worm struck, but someone found a hole in it.

And it was just getting good

[jibjibjib]

A few weeks ago I was hearing things about SL like that corporations were holding press conferences there, businesses were running there and making good profits, and its economy was worth millions of dollars. I thought SL was just beginning to become important, and show the world that a virtual economy was a viable idea.

Now we have CopyBot and grey goo and it seems like SL is just another dodgy online game after all.

Someone please explain

[goombah99]

This sounds like horseshit. It's like something you would see in a factually absurd hollywood movie about a programmer uploading a virus into the power grid. How does this work in these games that someone is ever allowed to inject a code that can run on someone elses session? Why would they allow that. Spining rings appearing in my session from some one elses code and my computer runs the code if I touch them. Praise Tron. I assume there is some explanation for this but since I'm not a gamer I am without a clue.

What?

[JimXugle]

What? No Screenshot from anybody?

Getting close to "Snow Crash" here

[Animats]

This reads like something from Neal Stephenson's "Snow Crash".

I never thought we'd get real systems vulnerable to attacks with 3D visual components as an integral part of the attack. This is much closer to SF than expected.

Is there a video?

Time for some Black Ice

[Infonaut]

Wow, talk about reality imitating art. Or, art imitating art. Or technology imitating art. Or the virtual imitating the virtual.

Annnyway, this sure brings me back a few years. The first time I read Neuromancer [wikipedia.org], I thought, "Damn, what would it be like to live in a world where interacting with computers is so visceral?" We haven't developed networked, immersive 3d environments, but we've sure come a long way from the days when just getting on the Internet from home was a major accomplishment.

I'd say this attack is proof that no matter how creative and interesting and fun an environment you create, there's always going to be someone out there who will put a lot of time and effort into pissing in it. I'm sure the creator of the worm has some sort of wonderful rationalization, of course. I wonder, is it worse to attack networks in the name of profit (or patriotism), or to do so just because you can?

Screenshots?

[quanticle]

This thread is worthless without pictures.

Does anyone have screenshots of the alleged "grey goo"?

Re:Time for some Black Ice

[Anonymous Coward]

correct, I build large websites for a living, and now spend *much* more time on the asshole factor than on the actual website functionality, otherwise you can bet all your marbles that within a short time of something being a success it will be ripped to pieces by the jerks.

Sometimes I wished that there was a internet driving license equivalent, but really that's only on days ending on 'day', other days I'm not so sure that's a good thing and I want everybody to be anonymous.

But what I would not give for 15 minutes in a small room with a baseball bat and some of these jerks that think that it's fun to destroy stuff just because they can. Think about what the internet *could* be right now without all these assholes doing their best to destroy it. If it worked like that in real life we'd all be living in our own private fort knox.

Re:And it was just getting good

[DrMrLordX]

It's also a haven for sleaze [somethingawful.com]. Say what you want about people's right to free expression, but there is such a thing as going too far [somethingawful.com]. It's no wonder that Second Life has attracted so much ire. It was a "dodgy online game" long before Copybot and grey goo hit the scene.

Re:Someone please explain

[TekPolitik]

How does this work in these games that someone is ever allowed to inject a code that can run on someone elses session?

Second Life users are able to create objects using a fairly complete scripting language. The scripts run on the servers, and an object can create more objects when somebody interacts with it. It "runs" in other peoples' sessions not because it's running on their system but because they're all viewing the same MMORPG environment.

And to preempt your inevitable comment, yes, it is very lame. I can't believe people are paying ongoing fees (in US dollars) to hold land in this thing.

Sorcerer's Apprentice

[CodeBuster]

This appears to be related, at least in concept, to problem which sometimes comes up in network protocol design, Sorcerer's Apprentice Syndrome [wikipedia.org], which results in a cascade of copies that eventually overwhelms the ability of the connection to transmit and route the duplicates. The term originates from the Walt Disney animated feature Fantasia where the Sorcerer's Apprentice (Mickey Mouse in the red robes and wizard hat) accidentally causes the mops washing the floor to increase via geometric doubling. One wonders if other MMORPGs are vulnerable to similar attacks.

Re:And it was just getting good

[djupedal]

Excuse me, but how could an "online economy" ever be viable? It doesn't produce anything, and [clip]

You're new, I'm guessing...

It produces an environment whereby the ever sought-after eyeballs are gathered, occasionally focused and always tracked. Doesn't matter if it is a polar bear in a snow storm, if you can prove that the multitudes are looking your way, you can cash in.

Re:Sorcerer's Apprentice

[HiThere]

Walt Disney didn't create the story of the Sorcerer's Apprentice. He didn't even create the broom. All he did was change the apprentice to a mouse and draw it.

And for this he got an eternal copyright on the story. Not legally, but effectively. Nobody else would DARE tell that story now, because they'd be sued.

Patents are bad, but I'm not certain that indefinitely extended copyrights aren't worse.

Re:And it was just getting good

[Cederic]

A simple "dodgy online game" wouldn't give its players enough control over their world to allow this sort of shennanigans to happen.

Have you even heard of MUDs?

Re:Second Life needs a new name

[iamacat]

Given a complex enough virtual world, Heisenberg uncertainty principle will manifest itself through small variation in timing between different events, if not outright hardware glitches.

Quick fix!

[GraZZ]

[PST 3:18] The grid has been reopened to all log-ins. Welcome back!

[PST 3:07 PM] Log-ins will be closed to all except Linden staff while we finish cleaning up the aftermath of the grey goo attack.

[PST 2:44PM] An attack of self-replicators is causing heavy load on the database, which is in turn slowing down in-world activity. We have isolated the grey goo and are currently cleaning up the grid. We'll keep you updated as status changes.

Under an hour from recognizing the problem to fixed. If this were WoW, the servers would have been down 3 or 4 days!

Re:Not just misleading, but factually inaccurate t

[vtechpilot]

With 2700+ servers they have a hard time handling more than 10k users? Less than 4 users per server is tough enough?

The problem is that the world is Zone Based, meaning each server is responsible for a equal size geographic portion of the world. The result is that processing power is spread evenly over the whole world. The problem is that people like to congregate causing some geographic areas to have more players, and other servers to have none. Where you have more players, you have more work for the server causing everything on that server to slow down. So the result is that the places players most want to be are also the places with the greatest lag. The unfortunate result is that many players have a negative experience right away.

Really, the whole server architecture needs to be reworked to behave more like a proper cluster, but that is too large of a change to ever consider implementing without starting over from scratch.

Re:Not just misleading, but factually inaccurate t

[maxume]

It would at least seem possible to make the zone size a server is responsible for variable, and then eventually, dynamic. That would look just like it scaled.

Re:And it was just getting good

[bm7150]

That is just some of the things going on within Second Life, but that's not the only thing. There are plenty of good things going on, but just like the internet, there will be those people who use it for so called "immoral" things. (i'm not saying I agree with any of the things from the somethingawful articles, but there is more than just the furries and pedophiles). There are quite a few talented designers (clothing and architectural), and some great programmers there who are doing some amazing work. The web is full of pedophiles and furries, and Second Life will have it's share, but thus is the growing pains of creating a metaverse (once again, not saying Second Life is the metaverse, but it's a pretty good stepping stone that way).

Re:Not just misleading, but factually inaccurate t

[jp10558]

Ummm. . . VMWare ESX server clusters under the virtual Zone based servers? Maybe not even have separate clusters, but make all 2700 servers Virtual, run them in ESX cluster that is 2700+ servers, and let ESX handle the proper clustering? Would that work?