New form of griefing?


Today I was at a rental office and noticed a few people hanging around the welcome area. I thought nothing of it, then suddenly and simultaneously my viewer (latest Firestorm) opened up search and some offensive words appeared in the text box, as well as a "create new group" window, with some errors appearing on the screen. I quickly left and closed out all these windows. It was quite a scary experience and I was only one click away from clicking the OK to create a random group at a 100 L$ cost.

I have no clue who or what caused it; as an experienced avatar, I never thought it was possible to control another user's input in such a way.


11 minutes ago, AmerAaron said:

Today I was at a rental office and noticed a few people hanging around the welcome area. I thought nothing of it, then suddenly and simultaneously my viewer (latest Firestorm) opened up search and some offensive words appeared in the text box, as well as a "create new group" window, with some errors appearing on the screen. I quickly left and closed out all these windows. It was quite a scary experience and I was only one click away from clicking the OK to create a random group at a 100 L$ cost.

I have no clue who or what caused it; as an experienced avatar, I never thought it was possible to control another user's input in such a way.

It does seem to be a new thing. Something @Linden Lab or @Quartz Mole might want to look into.

 

  • Thanks 4

This sounds like a variation of the "blue boxes of death" griefer attack...but it's worse in that it attempts to get you to pay out some money. (But I can't see how the griefer would benefit from that. Group creation fees go to LL.)


3 minutes ago, Lindal Kidd said:

This sounds like a variation of the "blue boxes of death" griefer attack...but it's worse in that it attempts to get you to pay out some money. (But I can't see how the griefer would benefit from that. Group creation fees go to LL.)

I wonder if the group is something offensive, and then the griefer can AR you for owning an offensive group...


2 minutes ago, Maitimo said:

I wonder if the group is something offensive, and then the griefer can AR you for owning an offensive group...

That would be about as effective as trying to maim someone with a watermelon cannon.

Still. This is concerning.

  • Like 1

It is still happening. I have just used an alt to go there; not sure if I am allowed to mention the region (Thorlaug). But they open your help browser, search your viewer menu for "cache location", attempt to create a group and write "Youre a xxx" in search.

I didn't stay around long as more things started happening in the search windows. I wish I was able to report it to Linden Lab, but with no one to choose to report I'm at a loss as to whether it's an object or person involved.

*deletes cache and goes for coffee*

  • Like 1

8 minutes ago, Lindal Kidd said:

If they can find out your computer's cache file path, that's VERY concerning.

Indeed, I'm hoping someone from Firestorm is made aware of this. I've rolled back to the previous version for now and changed my password.

The official Second Life viewer seems a lot safer; there I just got spammed with a teleport request to a sandbox along with a notice in local saying there are too many SLurls from an untrusted source that will be blocked for security.

  • Like 1

1 hour ago, AmerAaron said:

It is still happening. I have just used an alt to go there; not sure if I am allowed to mention the region (Thorlaug). But they open your help browser, search your viewer menu for "cache location", attempt to create a group and write "Youre a xxx" in search.

I didn't stay around long as more things started happening in the search windows. I wish I was able to report it to Linden Lab, but with no one to choose to report I'm at a loss as to whether it's an object or person involved.

*deletes cache and goes for coffee*

Choose Governor Linden as the avatar you are reporting. This is in accordance with how LL wants us to report abuse when we don't have an avatar name.

  • Like 1
  • Thanks 1

2 minutes ago, bigmoe Whitfield said:

Thanks.

Yes this form of griefing has been popping up over the last few days. It uses media on a prim (MOAP) to open those floaters on your screen.

If you disable media in the viewer, it will stop it.

Linden Lab issued an emergency ModalHotfix viewer to fix this on Thursday: https://releasenotes.secondlife.com/viewer/6.6.4.575022.html

Firestorm Viewer will have a new beta viewer out, hopefully tomorrow with the fix.
To pick up the Firestorm Beta, please join the "Phoenix-Firestorm Preview Group" & the beta will be sent out in the group notice.

This problem affects all viewers that don't yet have the Linden Lab patch.

NOTE: Even on the patched viewers, MOAP is still able to open the search and places floater on a user's screen.

  • Like 4
  • Thanks 18

4 minutes ago, Whirly Fizzle said:

Thanks.

Yes this form of griefing has been popping up over the last few days. It uses media on a prim (MOAP) to open those floaters on your screen.

If you disable media in the viewer, it will stop it.

Linden Lab issued an emergency ModalHotfix viewer to fix this on Thursday: https://releasenotes.secondlife.com/viewer/6.6.4.575022.html

Firestorm Viewer will have a new beta viewer out, hopefully tomorrow with the fix.
To pick up the Firestorm Beta, please join the "Phoenix-Firestorm Preview Group" & the beta will be sent out in the group notice.

This problem affects all viewers that don't yet have the Linden Lab patch.

NOTE: Even on the patched viewers, MOAP is still able to open the search and places floater on a user's screen.

I think if they have found a backdoor or some sort of major bug like that. Think about how it could be used to actually hack into the user, by injecting scripts into. I mean you can have scripts in SL talk to scripts IRL. This is actually much scarier than I thought. 

  • Like 1

10 minutes ago, Whirly Fizzle said:

Thanks.

Yes this form of griefing has been popping up over the last few days. It uses media on a prim (MOAP) to open those floaters on your screen.

If you disable media in the viewer, it will stop it.

Linden Lab issued an emergency ModalHotfix viewer to fix this on Thursday: https://releasenotes.secondlife.com/viewer/6.6.4.575022.html

Firestorm Viewer will have a new beta viewer out, hopefully tomorrow with the fix.
To pick up the Firestorm Beta, please join the "Phoenix-Firestorm Preview Group" & the beta will be sent out in the group notice.

This problem affects all viewers that don't yet have the Linden Lab patch.

NOTE: Even on the patched viewers, MOAP is still able to open the search and places floater on a user's screen.

Thanks Whirly! This is really useful.

Question, though. After RedZone, many of us disabled media autoplay. Will that still protect us from this, or does this work around that solution?

Edited by Scylla Rhiadra
  • Like 1
  • Thanks 4

Just now, Sammy Huntsman said:

I think if they have found a backdoor or some sort of major bug like that. Think about how it could be used to actually hack into the user, by injecting scripts into. I mean you can have scripts in SL talk to scripts IRL. This is actually much scarier than I thought. 

It's just a clever use of viewer media.
Though it seems very scary, all that can be done on unpatched viewers is open up any viewer floater on your screen when the media loads, plus enter custom text into the search window or TOS window etc.
Obviously I don't want to explain how it's done before everyone has the fix. I wish I could because then it would be less scary when you see what's actually happening.
All I will say is the media is not actually directing to a web page at all & it's actually using supported functions in the viewer.
I'm surprised no griefer thought of using it this way before.

So please don't worry - it's extremely annoying but ultimately harmless.
I suspect LL patched it quickly because it was causing lots of worry to those that had been hit with it, understandably.
 

  • Like 4
  • Thanks 9

1 minute ago, Scylla Rhiadra said:

Question, though. After RedZone, many of us disabled media autoplay. Will that still protect us from this, or does this work around that solution?

It will still load the floaters if autoplay is disabled, just not as quickly.

  • Thanks 9

17 hours ago, Whirly Fizzle said:

NOTE: Even on the patched viewers, MOAP is still able to open the search and places floater on a user's screen.

17 hours ago, Whirly Fizzle said:

It will still load the floaters if autoplay is disabled, just not as quickly.

At least at this location, at least on the patched Linden viewer (and Catznip without the patch), I find setting Media auto-play to "No" keeps the floaters off the screen, but they appear with either "Yes" or "Ask". Probably for similar reasons, the media filter on Firestorm appears to have no effect, which kinda makes sense because the problem behavior isn't associated with an external URL, and apparently arises at an earlier level than filtering or asking about a media source.

Still, I'm surprised it works this way.

  • Like 1
  • Thanks 1

20 hours ago, Whirly Fizzle said:

It's just a clever use of viewer media.
Though it seems very scary, all that can be done on unpatched viewers is open up any viewer floater on your screen when the media loads, plus enter custom text into the search window or TOS window etc.
Obviously I don't want to explain how it's done before everyone has the fix. I wish I could because then it would be less scary when you see what's actually happening.
All I will say is the media is not actually directing to a web page at all & it's actually using supported functions in the viewer.
I'm surprised no griefer thought of using it this way before.

So please don't worry - it's extremely annoying but ultimately harmless.
I suspect LL patched it quickly because it was causing lots of worry to those that had been hit with it, understandably.
 

I had a feeling it had something to do with media on a prim.. I cut everything media related off yesterday and went there and didn't get a hit..

Will the media filters stop something like this or will it go past those?

ETA: Oh wait, I see the last part was answered already.

Edited by Ceka Cianci

5 hours ago, Gabriele Graves said:

I've always had media turned off since it was introduced. Seems I was right to do so. I don't feel as though I've missed out on anything crucial.

Ya I'm the same way, I only enable it for certain things and then disable it when I'm finished.. Those RZ days put me in the habit of that pretty quick.. hehehe

  • Like 3
