Reader Comments

Posted: Aug 10th 2009 9:41AM

Sanction scammers
Kill them all
Slowly torture
on a wall
Hanging high
for all to see
the brutal end
Their screaming pleas
for mercy
They deserve it not
Let their corpses
turn to rot
So other would be
thieves will wonder
Will I be next
torn asunder
disemboweled for my plunder
Then we’ll see
these crimes will cease
the web again
a place of peace.

Posted: Aug 10th 2009 11:48AM

Thanks for your article, Tats! I didn't realise that the creator of "Neil Life" actually admitted to the scam; the only circumstantial evidence that Zai Lynch found was a page on the Official Second Life Wiki, written by a resident called "Neil Elton", that talked about the features of a so-called "Emerald Neillife Viewer", which certainly included a lot of illegal functions. Why someone could be so stupid as to write that on the official LL wiki (which keeps historical records forever!), I cannot imagine. "Neil Elton" has disappeared from the list of active residents since Saturday I believe — if he deleted his account or was banned by LL, I have no idea.

The good news, however, is that he's not in SL any longer, and that the original notecard that he was distributing points to a download link that 2shared.com has cancelled, so even if people get the notecard, they won't be able to download this illegal viewer any more. On Sunday, BitTorrent was offering several torrents for "Neil Life", but none of these had the same filesize as the original viewer (which LL might, at some time in the future, investigate in detail on a secure environment to see what kinds of traps/viruses/phishing functions it contains).

So all is good and well, even if my reputation got tarnished with that notecard bearing my name as creator. That's a small price to pay to get Second Life rid of this menace.

Also, it's fair to warn people that "Neil Life" is not the only illegal viewer out there being offered on the "underground" sites for download; there are more, most notably vLife ("v" stands for "virus"...) and CryoLife among them — but there might be more. For now, if you wish to try a third-party viewer, be very very careful to check its source. Usually, the ones listed on LL's wiki page are peer-reviewed and safe to download ("Neil Life"'s announcement on that wiki page was removed very shortly after it was posted — people are paying attention there!). If you mistrust *all* of these third-party viewers, that's also fine, you still have Philip Linden's Snowglobe as an "alternate", open-source viewer to the "main" LL official client.

Posted: Aug 10th 2009 12:49PM

Philip Linden is not a member of Linden Lab anymore.

Posted: Aug 11th 2009 6:51PM

Was Cryolife really one of the malicious clients? I'm certain of two clients, Greenlife Emerald and Vertical Life, that have had their images tainted by someone trying to sell or otherwise distribute malicious software using their names. I have the faint impression of remembering that the official Cryolife was not bad either, though I might not be remembering this clearly enough.

Posted: Aug 10th 2009 1:17PM

Wow... since when, Luminous?!? My apologies, as of today, he's still listed as Chairman of the Board of LL (http://lindenlab.com/about/management#rosedale), the position he kept since stepping down from CEO. He's still listed as a member of the Snowglobe research team at http://wiki.secondlife.com/wiki/Snowglobe_Committer_List

Do you have a link to that astonishing piece of news? Where did he go? He certainly didn't update his LinkedIn page yet (http://www.linkedin.com/in/philiprosedale)...

Posted: Aug 10th 2009 3:21PM

Speaking as the pastor of the First Church of Rosedale, Our Lord most certainly is still at the Lab! He's no longer CEO, but he's chairman of the board. His projects since leaving the former role have included overhauling the map and working on Snowglobe.

Posted: Aug 12th 2009 8:18AM

As for CryoLife, I really have just found two references to its malicious codebase. One is on the Herald: http://foo.secondlifeherald.com/slh/2009/08/the-cryolife-papers-prims-clothing-and-stealth.html

Kabalyero adds his own tips: http://www.kabalyero.com/2009/08/08/detecting-cryolife-and-banning-those-that-use-it/

Although on the Herald article, so many people seem to encourage residents to switch to the Emerald viewer instead, which allows users to detect who's using a malicious viewer and ban them (within limits), Emerald might just be... another "suspect" viewer after all! Speculation has been raised by Mouse Bard at http://www.sluniverse.com/php/vb/general-sl-discussion/32972-neil-life-warning.html#post762755 where Mouse claims that most Emerald viewers "[...] send[s] an encrypted block of something back to ModularSystems.sl as well. It might be login info, or it might be nothing. You can't tell."

This doesn't necessarily mean that all Emerald viewers are "tainted". The question is, for the clueless user, how will they know which Emerald viewers are "safe" and which are not? Also, a lot of speculation has been centred around the relatively large team of developers around Emerald, a few who are very legitimate and reputable and very likely honest residents, and some more shady ones that have just used the Emerald codebase to develop their own malicious content-copying SL viewers (and who knows what else they do with your logins and passwords).

This is more worrying than it seems when you consider that it's hard to track down "legitimate" programmers from mean crackers belonging to popular griefing groups — you might be co-developing the next-cool-feature for Emerald with someone who only has malicious intentions in using it.

Posted: Aug 17th 2009 5:43AM

Two points:

There have been replies on the SLU thread that Gwyneth linked to. I suggest catching up on it, as it got explained just how and for what Emerald might contact modularsystems.sl. None of them are malicious or damaging, and you are welcome to dissect the packets and/or debug the binary hosted on modularsystems.sl.

Also, I have posted a blog comment on Gwyneth's blog about one and a half days ago, without knowing this article. See it at http://gwynethllewelyn.disqus.com/spammers_are_disseminating_a_new_illegal_sl_client_under_my_name/#comment-14786425

It basically goes from how I developed my first private viewer to how I joined Emerald and what the gist of things is. Another point I'd like to make is not to download Emerald binaries or source that is not hosted on modularsystems.sl or official mirrors (not that we have official mirrors yet :P), as we simply cannot guarantee the binaries or sources hosted elsewhere haven't been modified. If it's an official derivative of Emerald and not Emerald itself... well. I can only suggest to do the same as you can with Emerald: take apart the source, sniff the packets it sends, debug the binary. Take Emerald, as it is hosted by modular systems, apart. We don't mind. There is nothing malicious to be found.

