Hackers find way to steal Second Life currency

According to Dean Takahashi of the San Jose Mercury News, hackers Charles Miller and Dino Dai Zovi explained that they have discovered a security-hole that could allow unscrupulous users to take other member's Linden dollars.

Linden Dollars, named after Linden Labs which created the world, are directly convertible to real dollars.

The exploit relates to Apple's QuickTime software, which is used to display videos in Second Life.

"The exploit works because Second Life allows users to embed videos or pictures on their characters or their virtual property," Takahashi said.

"When someone comes nearby and is within view of the object, the Second Life software activates QuickTime so it can play the video or picture. In doing so, QuickTime directs the Second Life software to a Web site. By exploiting the flaw in QuickTime, the hackers can direct the Second Life software to a malicious Web site that then allows them to take over the Second Life avatar.

The end result of that could be that a malicious hacker could then strip the avatar of any Linden dollar holdings.

The flaw is found inside the Real Time Streaming Protocol (RTSP) on which Quicktime's servers and clients are built, according to the United States Computer Emergency Readiness Team (US-Cert).

Unwary users who load rogue RTSP code - via a webpage, or from a file -can give attackers access to their computers undetected, the agency warned. In this case, hackers are able to take virtual world user's money.

"We were alerted a short time ago by Internet security professionals that a QuickTime exploit has been discovered which may allow an attacker to crash or exploit any user of the QuickTime software from Apple," company representatives told Takahashi.

Linden Labs said that the exploit can be easily fixed. In the meantime, however, it recommends that users constantly exchange their Linden dollars for real dollars to avoid any problems.

" You can't lose what's not there," the representatives told the reporter.