Abstract
 

Paper Title

Malware on Second Life: Myth or Reality?

Author(s)

Francois Paget (France), Senior Virus Research Engineer, McAfee Avert Labs.

Time

12 December, Friday, 09:20 - 10:00.

 

 
Millions of people on our planet share their existence between two worlds: the real world as we all know it and Second Life: one of the many virtual universes accessible from the Internet. For two years now, Igor Muttik and I have been interested in these platforms. Some of you have undoubtedly had the opportunity to hear our talk about the subject at the recent EICAR or AVAR conferences. We explained then how modern attacks over the Internet were adapting to these new universes. We described gold key logging and gold phishing. We also highlighted script languages, including the one in Second Life and told you some instructions, whose abuse seemed potentially dangerous to us.

I wanted to continue this research by immersing myself in Second Life for a while to see – in practice – whether such attacks could effectively be carried out. With this new presentation today, I am providing you with an account of this "study tour" of Second Life.

First of all, my paper will come back to the specifics of this universe with a few updated data. We will then see how I designed my first Trojan. Not allowing myself to "really create malware", here as in following cases, I was careful never to "finish" the job. I was happy to simply use examples to demonstrate whether it was feasible. After introducing you to some non self-replicating programs, we will increase the complexity with worms and viruses. We will then continue our journey with a highly controversial program: Copybot. We will see how counterfeiters use it and how its virtual owner can make money from it without ever leaving their virtual seat. Finally, to conclude, and after exposing you to some other lines of thought, I might convince you that it is not inconceivable that an anti-virtualmalware could appear one day in these universes.