Emerald Viewer Login Screen Sneak DDOS Attack?

by Pixeleen Mistral on 20/08/10 at 12:44 pm

Developers of the Emerald Second Life client appear to have used their viewer to launch a distributed denial of service (DDOS) attack on the website of Hazim Gazov – a prominent critic of Emerald – after Gazov claimed the Emerald client was leaking potentially user-identifying information when rendering Second Life avatars. The DDOS attack took advantage of the large number of Second Life players that currently run the Emerald client, although how much longer Emerald will remain popular is an open question.

Whenever an Emerald user logs into Second Life, they are presented with a login screen from the modularsystems.sl web site at http://www.modularsystems.sl/app/login/. After Mr. Gavov noticed his web site performance had slowed, it came to light the Emerald login screen at modularsystems.sl contained a number of hidden links to images and a dynamically created page on Gazov’s iheartanime.com site. These links can be found in the Google cache for the emerald login URL from August 9th. The same 32 links can be found in the Bing cache from August 17.

modular bing
Bing.com cache: August 17
modular google
Google.com cache: August 9

Gazov told the Herald he saw 16,541,673 page hits referred by the Emerald login pages over three days – or approximately 170,000 logins per day.

This presents a serious problem for Linden Lab, the creators of Second Life.

With an estimated 20 – 30% of Second Life’s players running the Emerald viewer it is an open question whether Linden Lab can control the questionable behavior of the Emerald developers without risk of alienating a significant portion of the declining user population. At the same time, players are unlikely to be pleased their computers were hijacked to DDOS a website without their consent. None of this is good news for Second Life – Linden Lab recently fired 30% of its staff in a round of cost cutting measures.

Emerald spokeswoman Arabella Steadham

While it is difficult to understand how this could have been innocent fun, Emerald spokeswoman Arabella Steadham got in touch with her inner Bagdhad Bob and claimed that secretly hijacking  Emerald users’ computer and bandwidth to attack a critic’s web site was simply "shenanigans".

Ironically, some of the hidden iframe referrals in the Emerald client login page were pointed to the images Mr. Gazov used to illustrate the Emerald client’s ability to disclose user-identifying information about Second Life playes running the Emerald client – a revelation that led to the resignation of Emerald developer LordGregGreg last week. In response, Bagdhad Arabella Ms. Steadham announced that recently fired Qarl Linden had joined the Emerald team last Sunday.

The pattern of damaging revelations immediately countered with a cheerful announcement of  ex-Linden signups for the Emerald team continued today when Ms. Steadham announced Data Linden was joining the gang.

Meanwhile, former Linden Lab staffer Hamlet Au filed a nearly incoherent report today, after playing off recent Emerald indiscretions last week as "an academic or highly conjectural coding issue".

Apparently the Emerald developers took things a bit more seriously than Hamlet – or perhaps stealth denial of service attacks are just a normal part of the new media landscape. In any case, surprisingly cozy relations between ex-Lab employees and the Emerald viewer developers do not seem likely to reverse the fortunes of struggling metaverse service provider Linden Lab.

149 Responses to “Emerald Viewer Login Screen Sneak DDOS Attack?”

  1. Nidol

    Aug 21st, 2010

    I’d laugh if LL took Emerald off of the TPV directory for this.

  2. A Furry

    Aug 21st, 2010

    I uninstalled the viewer and moved to Imprudence because of it.

  3. Nelson Jenkins

    Aug 21st, 2010

    @ Nidol

    I’d ejaculate rainbows if LL took Emerald off of the TPV directory for this.

    And blocked it.

  4. Belshazaroth

    Aug 21st, 2010

    I switched to Nano. Nano is based off of Emerald, but seems to lack being directly controlled by Emerald Team.

  5. Orion

    Aug 21st, 2010

    And how many more customers will Linden loose as a result of this shit? I yanked my accounts for good in utter disgust months ago after the whole CDS / Datamine mess. You’d think Linden would get its act together and tell these script kiddie hackers where to shove it!

  6. At0m0 Beerbaum

    Aug 21st, 2010

    and thus they show their true colors.

  7. The Emerald Dev Team

    Aug 21st, 2010

    Two weeks ago, amid an atmosphere of pride and boasting about Emerald traffic, a silly idea was hatched.

    This idea was to target a blog owned by a creator of a malicious viewer, and boast of the traffic Emerald has captured. The method for doing this was to add links to the Emerald log in page linked to said blog. Each time anyone logged in, our page loaded up and also the other page loaded up – simply to show off our volume of traffic.

    This was not a DDoS. This was a poor attempt at boasting that failed miserably. Once we discovered this, these links were deleted and the dev concerned was disciplined.

    The entire Emerald Team offers it’s sincere apologies for concern, panic, worry, mistrust and disappointment felt by our users because of this. I can most strongly assure you that this will not happen again.


    The Emerald Dev Team

  8. Alyx Stoklitsky

    Aug 21st, 2010

    Haha, mac is for faggots.

  9. Jayd3n

    Aug 21st, 2010

    Emerald is a piece of shit, their developers are piece of shit no good for nothing hackers… The only guy I trust was Lord Greg Greg, and he left their team…

  10. Jayd3n

    Aug 21st, 2010

    AS for Skills Hak He needs to be banned from Second life for disturbing the Peace with Emerald, and Client Detection System.

    We have already seen what Emerald Team did because woodbury uncovered the truth, they were destroyed by Emerald.

    Now Skills hak has control over bans of hundreds of avatars, IP logging anyone who cannot block out their methods, disable of media no longer works. And he/she bans anyone who they dont like all their alts, and they know who you are, ect.

    Linden Lab needs to do something about the Emerald Team abuse fast.

  11. Ann Onymous

    Aug 21st, 2010

    There’s a word for software that does this:


  12. anon

    Aug 21st, 2010

    They are going to run out of PR-Saving lindens one day…

  13. Aidamina Hunt

    Aug 21st, 2010

    Uninstalling Emerald Viewer as we speak

  14. Colonel D Bugger

    Aug 21st, 2010

    Funny how the rest of the world are finally catching up with what WU were telling everyone months ago.

    Incidentally, I use Imprudence too, it’s made of four kinds of superior win.

  15. Dave Bell

    Aug 21st, 2010

    For once, this anti-Emerald story is backed by impartial evidence.

    And it wasn’t “silly”, it was potentially criminal.

    There have been too many stories about Emerald which I don’t have the skills to check myself. I don’t want to rely on groups such as Woodbury, and I find it hard to trust the Herald.

    In the end, this is a question of collective reputation. You publish the claims of Intlibber Brautigan. Emerald continue to depend on this particular developer. Crooks and liars, it seems, and who should I trust?

  16. swedishfox ghost

    Aug 21st, 2010

    i call bullshit

  17. AM Oderngrl

    Aug 21st, 2010

    I dumped Emerald back in May when the Herald first covered the story of Emerald’s secret database of identitities. These devs are not simple-minded aw-shucks babes in the woods but know exactly what the stunt they pulled could do to a small blog. They admit that the atmosphere at their organization is so toxic as to permit a team member (so they claim) to use their website for a DDOS attack and feel perfectly okay with it. (Did anyone else snort at the “disciplined” bit?) This also means that LordGregGreg’s claim is correct, that there is no way of knowing what is actually getting put in the client and pushed to the users.

    How can anyone who uses SL for work or play or love or any other purpose trust this group with their every interaction? LL needs to yank their third party viewer status.

  18. Alpha

    Aug 21st, 2010

    So it was Fractured Crystal like 99% of all the Emerald fuckups. They should dump him, he is really dragging the project down with his immature bullshit. How pathetic :(

  19. Gundel Gaukelei

    Aug 21st, 2010

    The funny part is, that still a considerable lot of users prefers this known malware over the Linden Viewers. How do you feel as a developer of something thats b.a.d. (b0rked as designed) to the extent that your targeted customers rather favour a backdoored, trojanised ddos node made by known skiddies and scammers. I mean serously thats like you’re a cook and ppl tell you “No thx, I rather stick with the poison”. And that after you tried twice … I think, as a Linden dev, I would put a bullet in my head.

  20. Urizenus

    Aug 21st, 2010

    Holy shit. Can we get a statement from the Lindens about this? Maybe start with Mr. Wallace?


  21. Minty

    Aug 21st, 2010

    Most of Emerald big problems appeared after LL failed to impose its 2.0 viewer. Is it strange, isn’t it?

  22. Bubblesort Triskaidekaphobia

    Aug 21st, 2010

    You know who the only “cops” were who tried to protect us from this before it was too late?


    The Metaverse is THAT fucked up now that when somebody does something that could genuinely protect people from this kind of thing and they get booted from SL for it, along with their entire organization, which includes people who had nothing to do with it.

    I think LL owes Woodbury an apology.

  23. Bubblesort Triskaidekaphobia

    Aug 21st, 2010

    Alpha: Fractured Crystal owns the emerald project. He owns the server they all keep their code on, in other words. He could boot everybody else, but nobody could boot him.

  24. Glenn Beck

    Aug 21st, 2010

    You know who else DDoS’d their enemies?


  25. Charity Stohr

    Aug 21st, 2010

    inb4 Hazim says “I told you so”

    I never got an answer why in the 3rd party viewer directory it says you can’t have your viewer listed is your account is not in good standing considering jcool was banned multiple times for griffin’ and making v-life. Linden Labs owes us a HUGE apology, and a hand job.

  26. [...] just hilarious.  Click here to read the full story, courtesy of the AlphaVille [...]

  27. had enough

    Aug 21st, 2010

    @ swedishfox ghost “i call bullshit”

    Sticking up for your fellow fur fags?

  28. Kiddoh

    Aug 21st, 2010

    “Two weeks ago, amid an atmosphere of pride and boasting about Emerald traffic, a silly idea was hatched.
    This idea was to target a blog owned by a creator of a malicious viewer, and boast of the traffic Emerald has captured. The method for doing this was to add links to the Emerald log in page linked to said blog. Each time anyone logged in, our page loaded up and also the other page loaded up – simply to show off our volume of traffic.”

    AKA a DDoS attack.

    “This was not a DDoS.”

    A DDoS is a DDoS, something that your team caused intentionally.

    ” This was a poor attempt at boasting that failed miserably. Once we discovered this, these links were deleted and the dev concerned was disciplined.”

    I don’t believe a damn word in those two sentences. Your boasting in the first two paragraphs shows that your team was in on it from the beginning. Also; that line sounds familiar… Y’all said something exactly like that in regards to the data-mining that Hazim discovered. LGG later discovered that not only was it not deleted, it was put behind even more security each time it was re-discovered.

    “The entire Emerald Team offers it’s sincere apologies for concern, panic, worry, mistrust and disappointment felt by our users because of this. I can most strongly assure you that this will not happen again.”

    lol, No one can trust you anymore, Give us something better than a word we can no longer trust.

  29. Judge Joker

    Aug 21st, 2010

    @had enough

    Please don’t bring fur fags into it, that has no bearing on the overall situation.

    Evidently I’m what you might brand a fur fag, and I’m specifically ranting at Philip Linden to remove it from the 3rd party list on Twitter, “confirm for yourself” so yea it’s not a singular fur fag issue if other fur fags are involved in opposing the viewer as well.

    But that makes me wonder what criteria you think one needs to be to be a fur fag.

    Does being a bisexual furrie who supports rainbows and is aiming to wear a fursuit at furcons count? or do I have to be the dredge of society to join such a stereotypical group in your eyes?

    Back on topic:

    Clearly these so called ex-lindens have only joined emerald to either keep themselves popular or were sent by Linden Labs to add an air of respectability to an overly retarded group of developers.

    If that’s a bit harsh well I was all for Qarl Linden returning to the lab, and now hes chosen to side with people who exploit the user base Now I’m all for Qarl to quietly disappear or realize his mistake and offer himself as a multi viewer developer/consultant to improve second Life for everyone not just the residents who don’t mind being exploited.

    Evidently Qarl has made a huge FUBAR by using his long standing and hard earned reputation to help improve such a malicious and dangerously devious individual as “insert name here”‘s reputation.

    As we can all see through such narrowly disguised events, it makes me wonder why Linden Labs would let this viewer get as far as it did, when it’s so fucking obvious it’s being used as a cover to exploit users.

    Typical Malware tactics, great front with a deviously destructive code base.

    @The Emerald Dev Team

    Don’t forget to add me to your enemy’s list, I look forward to following what you have been up to, and perhaps in time making sure everyone knows.

    Even if that ruins Qarl & Data Lindens reputation, they made their bed so let’s play the game.

  30. Judge Joker

    Aug 21st, 2010

    I would just like to add, that guy now has 16 millions hits of IP data, on Residents who use Emerald from loading the image, but no SL names.

    This on it’s own is valuable because it can be used to geologically locate the highest percentage of users of what country use emerald and cross referenced with other leaked data could be even more valuable.

    Which can be used to target a set of residents, either to make a new viewer and attempt to take the user base from emerald, by appealing to the highest percentage, or if someone wanted to run a business in world they would have enough data to plan out appealing items to sell to such a geological demographic.

  31. Slayer

    Aug 21st, 2010

    I would think that it would be a big PR mistake by Linden Labs not to do something about this. If Linden Labs just ignores this, what does it say about their concern for the security of their customers?
    To me that they do not care. Linden Labs needs to reevaluate the whole TPV policy. If they are unable to find the time and resources to check software being used to access Second Life, Then this preferred list is nothing but a smoke screen.

  32. Nelson Jenkins

    Aug 21st, 2010

    @ Judge Joker

    The Emerald devs aren’t listening, I just posted that because AH still hasn’t updated their article. Not sure why, because it’s really, really funny.

  33. Persephone Bolero

    Aug 21st, 2010

    Reading the apology from Arabella, it seems pretty sincere to me. I am curious exactly what “discipline” was given to the developer that did this. Does anyone know?

    If he or she was “disciplined” in a way that ensures that nothing like this will ever happens again (up to and including removal from the team), my concerns would be addressed.

  34. Sitearm

    Aug 21st, 2010

    My off-the-cuff reaction is “wheeeee…..” and I am not sure why but let’s get to the bottom of it:
    1. According to the SLCC 2010 Viewer 2 Keynote, the SL Main Viewer code is going to continue to be made available and even MORE available for third party developers.
    2. Whatever else Emerald may have done or not done, they brought in bouncing bosoms, which I for one think is a Must Have in any properly fully immersive virtual world viewer.
    3. The down side of dissing, or dossing, or whatever it’s called, to me seems to be if it slowed down the log in.
    4. And omg how cool is that if some developers-formerly-known-as-lindens are going to the Emerald team?
    5. In other words, Emerald seems to have started out as the Good Girl of 3rd party developers and is now the Bad Boy too. Excellent!
    6. I certainly don’t mean to make light of sharing user data inappropriately FACEBOOK but I am FACEBOOK confident all FACEBOOK reliable viewers FACEBOOK we come to FACEBOOK rely on will be sure to address FACEBOOK this issue.

    /me flees…

  35. Bubblesort Triskaidekaphobia

    Aug 21st, 2010

    @ Belshazaroth: The nano web sites on destructivelabs.com and source forge are all down. Maybe Modular Systems took them down as well?

    @ Joker: I could not agree more. Quarl needs to disappear. He’s as guilty as the rest of them.

    LL needs to block Emerald and bring back Woodbury and let them run the G-Team, then give out hardware bans for all Emerald devs who were members of Modular Systems at the time of the attack. No exceptions!

  36. Dede

    Aug 21st, 2010

    Just listen to Arabella. She talked face to face to Hazim and said “say whatever you want, it was not an attack.” Clearly, jaycool and phox are not scheming alone. I’m saying this because I know they’re just going to say they kicked jaycool out and everything is okay.

  37. Gundel Gaukelei

    Aug 21st, 2010

    Once I dated a girl whos name was arabella and thats how “she” looked in RL:


    You’ve been warned!

  38. J

    Aug 21st, 2010

    Hazim’s viewer is not malicious, at least not any more than the Onyx viewer created by the Emerald developers. What makes you better? Nothing.

  39. Little Lost Linden

    Aug 21st, 2010

    With all this crazy Emerald crap happening, you really have to ask yourself only one question…Where are the Wonder Twins when you really need them?


  40. Bubblesort Triskaidekaphobia

    Aug 21st, 2010

    Want to see how “repentant” Arabella truly is? Listen to this conversation with Hazim. She doesn’t apologize to him at all, except to say “sorry, I can’t help you”. There is no remorse for the victim of this attack. They are just sorry we found out about it, not sorry for the damage they caused.


  41. Charity Stohr

    Aug 22nd, 2010


    I think the greatest part about that little bullshit press release they copypasta’d to this page from their blog is that no one is buying that shit. All of the comments on their blog are essentially saying that this is terrible you did this or GOOD THAT FUCKER DESERVED THE DDoS! No one is slappin’ there knee with a hoot n’ holler at their very silly plan, the fanbois know it’s bullshit and agree with it.

  42. Nelson Jenkins

    Aug 22nd, 2010

    Gonna go ahead and cross-post this to this article as well.

    I wanted to make it abundantly clear, because Lindens don’t typically post comments on these boards to tell you guys what’s going on, that the Lindens have gotten word of this attack and are deliberating both removing Emerald from the TPV list and officially blocking it from accessing the Second Life main grid. The only roadblock is the fact that a huge chunk of clients currently use Emerald and they don’t want any problems with thousands of people submitting tickets and whatnot asking why they can’t connect. Phillip was the one who pointed it out and is pushing for the ban, so give him some love.

  43. Charity Stohr

    Aug 22nd, 2010

    @Nelson Jenkins

    Should i give him some of the love machine? ;o

  44. Dede

    Aug 22nd, 2010

    You know if the comments on Modular’s blog post are “negative,” (Arabella’s words) they must’ve been absolutely flooded with “negative” posts behind the scenes. Appears it would’ve looked pretty bad if they had just blocked them all, this time.

  45. Yep

    Aug 22nd, 2010

    “The only roadblock is the fact that a huge chunk of clients currently use Emerald and they don’t want any problems with thousands of people submitting tickets and whatnot asking why they can’t connect. ”

    I wasn’t aware that LL cared if people could connect on a third party viewer. Most of the time if you call the help desk on a third party viewer they just shrug. besides it’s not like they cannot choose the SL viewer or another third party viewer.

  46. Nelson Jenkins

    Aug 22nd, 2010

    @ Yep

    Technically no, but they just don’t want to handle all the Emerald users sending in tickets and whining about it.

  47. [...] The recent Distributed Denial of Service (DDoS) attack run from Emerald Viewers causes more confusion. The Emerald explanation and actual events just don’t seem to work together. See: Emerald Viewer Login Screen Sneak DDOS Attack? [...]

  48. Darien Caldwell

    Aug 22nd, 2010

    It will be interesting what LL decides to do come Monday.


  49. Nelson Jenkins

    Aug 22nd, 2010

    @ Darien Caldwell

    Emerald ees dead. Not beeg surprise.

    Sent from my IMSAI 8080 via Cermetek 212A modem

Leave a Reply