Talk about art imitating life. A self-replicating worm dubbed “Grey Goo” has caused the virtual community Second Life to shut down at least once, according to the site’s owners, Linden Life. Within the Second Life virtual environment, Grey Goo’s creators claimed to spin gold rings, and unwitting players interacted with them to spread the malware further.
“This was basically a proof-of-concept worm that only self-replicated using the scripting features inside Second Life,” explained Stefan Savage, a professor of Computer Science and Engineering at UC San Diego and a computer security/worm/virus expert. “They have filters that try to prevent this kind of self-replication, but evidently the author found a hole in them,” he told TechNewsWorld.
A ‘Grief Bomb’
Given that it only affected Second Life users’ game time, it was not as destructive as some worms have been. Also, Grey Goo does not appear to have been financially motivated — that is, it didn’t try to phish or otherwise steal personal financial data from users. Nonetheless, players were rattled by the interruption — which was likely the whole point, says Rob Enderle, principal analyst at the Enderle Group.
“The worm dropped into Second Life is a ‘Grief Bomb.’ This kind of an attack’s sole purpose is to mess up the game” and get those that play and maintain it upset, Enderle told TechNewsWorld.
Targeting Web 2.0
Even though it was a relatively benign occurrence as worms go, Grey Goo is worth noting, as it may be only the first of this type of malware to come, warned Roger Thompson, CTO of anti-exploit software vendor Exploit Prevention Labs. “Increasingly, as we move [toward] Web 2.0, [and] with applications like MySpace or YouTube becoming commonplace, I think we will see more worms targeting these communities,” he told TechNewsWorld.
Until the next YouTube or MySpace becomes apparent, however, virus writers are likely to focus on virtual communities like Second Life. If the real world is any guide, a proof-of-concept worm is likely to be followed with one that has a genuine payload.
Users of these virtual communities should start taking the necessary precautions if they haven’t already, Randy Abrams, director of Technical Education, ESET, told TechNewsWorld.
The Payload Next Time
“Second Life may be a virtual world, but real dollars are being exchanged. This creates some pretty strong motivations. In the case of Grey Goo, theft doesn’t appear to be a motivation. However … it would have been fairly easy to add a payload if the author had so desired,” he said.
The worm’s appearance shouldn’t have been a surprise, Rob Graham, CEO of Errata Security, added, as most popular online games have had similar worm-replication problems.
“One exception is the game ‘World of Warcraft,'” he told TechNewsWorld. “It’s not because they have smarter programmers, but because its creator had already been burned by replication bugs in its previous game called ‘Diablo.'”
Programmers in the gaming industry are still coding in a negligent manner, Graham concluded. “We will continue to see such problems in online games in the coming years.”