Feeds

Second life plagued by 'grey goo' attack

Viruses go virtual

Protecting users from Firesheep and other Sidejacking attacks with SSL

For about two hours, the virtual landscape of Second Life filled with golden rings and the distinctive two-tone ding of Sega's popular Sonic the Hedgehog games.

The rings' listed creator was the fictional "Dr Robotnik," a character from the Sonic games. However, the deluge of rings was not some form of cross promotion, but a viral attack of self-replicating objects, known less than affectionately as "grey goo."

"The rings were flying from every direction - there were an incredible amount them," one in-game observer, who asked only to be identified by his avatar's name "Amulius Lioncourt," said in an interview with SecurityFocus.

In a video that Lioncourt made from screen captures, the rings spun on the ground and streaked through the sky. The distinctive Sonic the Hedgehog sound punctuated the video every few seconds. The attack left the servers responding slowly, resulting in a variety of side effects, including unreliable account balances, disappearing clothes, and shutting down in-game teleportation, which digital inhabitants use to get around quickly, according to Linden Lab, the creator of Second Life.

"The problem seems to be tied to heavy load on the database," the company said on its Second Life forum on Sunday.

Within 15 minutes, Linden Lab detected the outbreak and cleaned out the servers, although it took about two hours to get everything back to semblance of normal, according to a timeline in the forum posts. The response - the fastest yet, in Lioncourt's experience - showed that the company has started to gain experience in combating such attacks.

It's experience that will likely be necessary in the future.

As virtual worlds bring together a greater number of people and become increasingly interactive, virus writers and other malicious coders will likely focus more effort in attacking such online meeting places. Second Life has already suffered three major attacks since September, each time being overrun by quickly reproducing digital objects. In October, a series of attacks - one incorporating bouncing beach balls with processor-taxing particle effects - made the online lives of Second Life's residence stuttering and sometimes brief, as the company took down servers to clean them out.

Linden Lab is not the only firm that has to deal with such problems. In the World of Warcraft, Blizzard Entertainment's hit massively multiplayer online role-playing game (MMORPG), a digital disease created last year was spread beyond its intended area to the online world at large by griefers intent on killing other players' in-game avatars. While the disease had been added by Blizzard developers, several players discovered the implementation flaw and used the disease to attack other players in the world.

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.