Tuesday, November 14, 2023

Phishing Scam Viewer Worries Get Linden Lab's Attention

It's a sad fact that the Internet is full of scammers. And unfortunately some have come to Second Life.  There's been some news going around recently about one particular phishing scam: a viewer that will supposedly give you unlimited Lindens, and allow you to build anywhere.


Are you tired of spending your hard-earned Linden Dollars? We've got an exciting solution just for you! Introducing our SecondLive Viewer, where everything is not only free but also open for endless possibilities.

  • Unlock unlimited Linden Dollars (L$) for all your virtual adventures.
  • Fly to unlimited heights.
  • Build on any land of your choice, all for free.

But that's just the beginning.

Link: <Some URL, typically a tinyurl link>

We're sincerely thankful to everyone who joins us in our mission to make SecondLife completely free. Don't miss this incredible opportunity.

Best Regards.

Most residents would recognize right away these claims are bogus. Viewers can't create Linden dollars, only Linden Lab's computers can do that. One would have to hack into them, and keep hacking to get the virtual money, which would not only be extremely difficult, but easily discovered and traced. Nor can your viewer determine which land you can build on - the permissions of who can and can't are stored in the servers.

Firestorm would express worries of copybot viewers last month before I personally started hearing about the forementioned scam. The scam itself I first heard about when a few people passed me a link to a post made by FelixWolf on GitHub, who would be identified by Inara Pey of Modem World as Chaser Zaks of Team Firestorm who "risked taking a look under the covers of the code that is supplied."

What the viewer actually does is run a program called builddata.bat on your computer, which installs a number of remote administrative toolkits (or RATs). Once your machine is infested with these RATs, the scammer can:

Steal your Linden dollars and go through your inventory

Steal your password and hijack your account, and whatever they do, people (and Linden Lab) will think it's you.

Go into your computer and steal/delete your files.
Steal your banking and credit card information, and steal your real-world money, and possibly ruin your credit.
Discover real-life information on you, such as your city and street address. 
Activate your camera and take pictures of you and the contents of your room. If they get your real-life location, they may know where to find valuable items to steal. 

Last Thursday, Linden Lab would feel the need to remind it's residents of the dangers of phishing scams in general, "Ensuring A Secure Second Life Experience." It brought up this particular viewer, "
It is important to remember that downloading software from unknown sources has a very real risk associated with it. You could unintentionally allow someone to monitor your keystrokes or even gain complete control over your computer. It has the potential to expose not just your Second Life password, but all other important information you have on your computer. ... Be wary of suspicious links or attachments sent by other users. These may be attempts to compromise your account or computer. ... Only download and install the official Second Life viewer, or an approved Third-Party viewer directly from the links provided by our site."
So once again, a reminder that one needs to be a little wary when going about Second Life (and the Internet in general), and don't let yourself get a RAT infestation. 
Bixyl Shuftan 

1 comment:

  1. This isn't surprising in the slightest...

    There was a scammer I encountered several times whom got banned finally, about 8 Months ago they contacted me inviting me to their sim, claiming to be that person that got banned and trying to debunk a lot of their BS, they have no idea how much of their own info they leak and what I got on them as a result. I didn't even bother replying, I immediately blocked them and filed an AR, Making sure their message was included in the screenshot, I spelt that back out, and then stated, if this user isn't whom they claim to be they are impersonating another user, and if they are whom they claim to be they are evading a ban. From time to time I would search their name only to see, yep of course LL has only done nothing, the entirety of their income is known to be scams and they had enough income to live and run a sim apparently. I would search their account to check for a ban, Only recently did it and their sim disappear. Kinda says something about Linden Labs Moderation. If the money flows it goes, doesn't matter the hoes woes.

    To be fair with other incidents in mind, like zFire I think LL disables abuse reports from some users when they file abuse reports against particularly egregious users who pull in a lot of money as LL probably keeps record of whom gets banned, why, and reports against them, they probably don't want to have record of the legal codes they violate on users that file complaints against incidents that California regulation requires immediate action on, such as what zFire had done which took well over 2 years for them to act on and comes with hefty fines for every incident every day of inaction past 30 days. I mean LL allows people to sell their ban lists too with no regulation to how that list is generated, we still got things like VooDoo anti bot on the grid. and to use zFire as an example again usually sold ban lists encapsulated into a security tool turn out to be another kind of scam, protection rackets, where as the creator is on the supply side of the problem they claim to protect you from. If it doesn't look right and you can't see how it works in its entirety its a scam probably.

    That stated, gotta keep an eye out for URL's with an extra letter or for that matter a Cyrillic version of an Roman character(some Cyrillic characters look just like their roman counterparts but use a different ASCII code), set your viewer to only open official links in the built in browser and be suspicious of anything your viewer opens in the main browser and don't login to anything especially MP with whatever browser is set to automatically open upon clicking links, and be totally suspicious of creators using URL Shorteners such as TinyURL, their use is unnacasary and they can provide their MP links in a pick where they left enough character space. If you really want something from a tiny URL login to MP in the viewer with the other settings mentioned, hell set it as your home page for the viewer but search that stuff, and if it doesnt turn up the link with the TinyURL might be fake, trust nothing but yourself. I had a friend get hacked cause a friend of theirs got hacked and they had trust of them.

    LL Should probably integrate MP into the viewer in a way similar to search as a one button thing, they got some of the merchant tools integrated that way why not the shopping ones as well.

    Apologies for the tangent, Secondlife has scams, some of which have festered for years, Given LL doesn't react unlike some other companies, scammers are emboldened on the service as LL follows through on nothing their obligated too unless it hits their bottom line.