Slashdot Mirror

← Back to Stories (view on slashdot.org)

Second Life Hit By Massive In-Game Worm

Posted by ryuzaki0 on from the don't-touch-that-ring dept.

An anonymous reader writes, "At 2:46 CST today, the game Second Life was hit by a massive attack by a rogue programmer. Spinning gold rings began to appear in the air and on the ground, and as users interacted with them they began to chase and replicate. Apparently, most people are willing to touch an object they've never seen before and this invoked a worm script that was designed to multiply and spread across the 2,700+ servers run by Linden Labs in California, the game's owner. Many of the six hundred thousand active users experienced serious lag and lost connectivity to the servers, making it one of the largest known denial-of-service attacks in an online game. Linden Labs had to invoke martial law and lock out all logins by users except their staff as they began the task of cleaning the servers of what they began to term 'the grey goo.'" Comments in the SL blog entry indicate that Linden Labs had already deployed a "grey goo fence" before this worm struck, but someone found a hole in it.

17 of 249 comments (clear)

  1. Ha ha by Anonymous Coward · · Score: 0, Insightful

    Man, that's kinda funny.

    1. Re:Ha ha by Arkaaito · · Score: 5, Insightful

      Yeah, pointless acts of mass malice have come to Second Life. Now it really IS just like the real world.

    2. Re:Ha ha by stunt_penguin · · Score: 2, Insightful

      Spinning rings would be funny, an actual giant sandworm in Second Life would have been much more satisfying. No way would anyone want to go over and touch that.

      --
      When the posters fear their moderators, there is tyranny; when the moderators fears the posters, there is liberty.
  2. Nice Hack by Anonymous Coward · · Score: 4, Insightful

    Nice hack. Kudos to whomever pulled it off. The videogame generation is in danger of becoming a legion of conformist, rule-following lab mice, conditioned to obey and consume, differentiated only by which Big Media corporation they swear allegiance to. It's good to see someone somewhere is sowing discord. Eris would be pleased, but then who gives a fuck what she thinks ;P

  3. Re:And it was just getting good by Jeremi · · Score: 5, Insightful
    Now we have CopyBot and grey goo and it seems like SL is just another dodgy online game after all


    Wow, given the same evidence, I drew exactly the opposite conclusion. A simple "dodgy online game" wouldn't give its players enough control over their world to allow this sort of shennanigans to happen. Things like viruses can only occur when people are given access to a Turing-complete programming language and allowed to do what they like with it... which is what SL does, and why it's not "just a game", but rather a platform. Granted, it may be an infant platform, still buggy and insecure, and not necessarily useful for very much yet, but then you could say the same thing about the Internet itself a few years ago.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  4. Re:And it was just getting good by From+A+Far+Away+Land · · Score: 2, Insightful

    Excuse me, but how could an "online economy" ever be viable? It doesn't produce anything, and consumes energy.

    --
    Oh You POS
  5. Don't get too excited by cgenman · · Score: 2, Insightful

    In snow crash, the visual component was being used to transmit information and reprogram computing machines, in that case the brain. It was an impressive leap of insight into interfaces and the nature of computing machines, not too different than the buffer overflows we've been plagued with since.

    In the second life case, the visual component exists because pretty much everything in second life is required to have a visual component of some sort. In this case, the visual component of a ring existed soley as an icon would in an outlook express virus... "click here to infect your system!" And people did. The ring icon is not integral to the attack in any way other than as hot tennis players have been integral to attacks in the past.

    Not to burst your bubble, but it isn't exactly a technological marvel.

    --
    The ______ Agenda
  6. Re:And it was just getting good by Anonymous Coward · · Score: 2, Insightful

    It's a real-world entertainment service. People get entertainment value out of it, and are willing to spend real-world bucks to get it.

  7. Re:Time for some Black Ice by HiThere · · Score: 2, Insightful

    It's worse to attack for money or patriotism.

    The reason is that the graffito "artists" serve a useful function, they alert you to holes in you work, and they don't generally do much damage. (Not compared to the others.)

    Think about it, which is worse:
    1) a virus that crashes your system
    2) a virus that doesn't crash your system, but corrupts the payroll files

    I think you'll agree that 2 is MUCH worse than 1.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  8. Re:Not just misleading, but factually inaccurate t by arth1 · · Score: 3, Insightful
    Of course, if there were 600,000 users on at the same time, the "game" would be unplayable - it's tough enough when it gets over about 10,000 right now.

    With 2700+ servers they have a hard time handling more than 10k users? Less than 4 users per server is tough enough? Um, I think there's Opportunities here.

    --
    *Art
  9. PR Stunt? by replicant108 · · Score: 2, Insightful

    The Second Life marketing department have been very active recently.

    This story smells funny.

  10. Re:Ha by benplaut · · Score: 2, Insightful

    No, actually that's the guy going around at lightning speed cleaning them all up!!

  11. Well, big deal by vadim_t · · Score: 3, Insightful

    The first time I saw something like that happen it was really bad. Performance was very badly affected, and the objects would launch people into the air, so the only thing that could be done was sitting (you can't be pushed if you're sitting) and talking until they fixed it. And after a while the whole grid had to be brought down for hours.

    Now all that happens is that things slow down for a while, they close logins for a few minutes, and soon everything is back to normality. Some areas aren't even very noticeably affected, because object creation is disabled, so the stuff doesn't get to run on those sims in the first place. The only effect felt there is the degradation of the central servers.

    While it's certainly annoying, it's not nearly the problem it used to be.

  12. Re:Someone please explain by somersault · · Score: 2, Insightful

    No, it sounded like interacting with the rings is what triggered the script. I've never played Second Life, though I have seen my bro use it, and I've read about it in the past. Having everything residing on the client would kind of miss the point of having a centralised server in the first place, so I don't see why there couldn't be rings floating around, and then when a user touches them it starts up whatever code has been attached to the touch function of the ring. *shrug* Does sound pretty funny to me anyway :) I think (not that I RTFA) the lag was caused for everyone, not just the players that touched the rings, so it was the servers having problems coping with the exponentially growing amount of objects, rather than just people not having enough bandwidth.

    --
    which is totally what she said
  13. No publicity is bad... by punkr0x · · Score: 2, Insightful

    I've been seeing an awful lot of stories about second life lately. First it was businesses opening virtual stores, then the copybot and now this. Is it all coincidence, or has Linden Labs been pushing their marketing campaign into high gear?

  14. Re:Someone please explain by Baavgai · · Score: 2, Insightful

    Yep, that's about it.

    The scripting implemented in SL via LUA is, at it's heart, event oriented. When an object is created, there is an intentional lag. Functionally, an object cannot "easily" hurt the system with an infinite loop. There is a stack for each object process that's rather small and when that blows, you're done.

    Objects can instantiate new objects ad infinitum, if they try hard enough. The object itself isn't doing anything bad, just existing. But each object is overhead so, eventually, boom.

    I'm assuming there are other restrictions on automated cloning behavior, which is why this thing used avatar interactions to propagate. Avatars become like hosts for the virus; it's a pretty good work around.

    Second Life has the same security conundrum as Microsoft. The more powerful tools you offer, the more ability you have for those tools to be used against you. SL allows any peon to script their world. Users creating content is what makes the environment intriguing. That very functionality also offers opportunities for abuse.

  15. Re:Second Life needs a new name by osu-neko · · Score: 2, Insightful

    "Real life" is just nucleons and electrons flying around one another according to a few simple laws.

    The only reason anything is important is because we choose to attach importance to it. Whether it's a group of protons and electrons or ones and zeroes makes no real difference. If you think otherwise, you have a rather fantastical view of what's "real". (Your error is not in thinking that those ones and zeroes aren't "real" in the sense you mean it, but that you think anything else larger than a subatomic particle is. You're promoting one abstraction as being less abstract than the other, when in fact it's not -- it's every bit as much an invented construct in your mind, occuring no place in "reality" outside your mind.)

    --
    "Convictions are more dangerous enemies of truth than lies."