A sim, or simulation server, is a Second Life architecture component that “simulates” a 256x256 meter region in Second Life’s metaverse.  Sim servers handle most of the critical processing power necessary to maintain perpetually consistent object and terrain height-map state. They utilize an involved physics engine, Havok, which performs visibility calculations on both objects and map terrain. Upon completion, the sim server processes the results and transmits them to the client via UDP. 
 
Second Life real estate consumers essentially purchase their own sim server, or island, hosted in the Linden Labs’ cloud. As we know, many Second Life land owners develop upon their islands and operate their own virtual businesses. Many such virtual businesses have been successful and seen significant profit gains. All such virtual undertakings rely heavily on Linden Lab’s infrastructure and require their sim servers to be fully operational at all times.
 
If I am a business owner in Second Life I am most likely looking for opportunities to gain the upper hand on my competitors. I could perhaps spend tedious amounts of time conducting market research, perform user poling and reviews, hire outside consulting, etc. All of which are costly, time-consuming, extremely boring and still do not ensure the right business decisions will be made to overtake my competitors. 
 
Why not instead outsource my dirty work, contract cyber criminals to leverage a massive botnet, and DDoS my competitor’s sim servers back to the Stone Age?? This will render them unusable and perhaps even take them offline. Instead of hours and hours of market research and business study I’ll simply wipe them off the map. After taking down my competitors and monopolizing the market, consumers will be forced to seek out my virtual goods and services. My business’s name will become omnipresent and ubiquitously recognized throughout Second Life thus giving me a significant market advantage over my competitors once their sim servers come back online. That’s the vision anyway.
 
The obvious question is what can be done to combat these DDoS attacks? Currently, Second Life land owners are at the mercy of Linden Labs. They rely on Linden Labs to maintain and operate their individual sims securely. This is essentially the primary security issue concerning cloud computing. Consumers rely on cloud providers to secure their infrastructure. 
 
From a Linden Labs infrastructure perspective, it would be interesting to see sim locations in the infrastructure dynamically rotate and still maintain a perpetual virtual state. The cluster representative server, or space server, would essentially orchestrate the dynamic changes while the data servers in parallel, perform the necessary corresponding data processing. This type of dynamically orchestrated architecture would give the various sim servers ephemeral IP addresses and make them more difficult to target with DDoS attacks. This dynamic architecture is conceptually similar to the way in which attackers use DNS fast flux to obfuscate phishing and malware delivery sites.
 
DDoS attacks against sim servers in the virtual context can be used in countless ways to make money just as they can in today’s two-dimensional web. As virtual worlds and a three-dimensional Web become more relevant it will become imperative for world providers to account for DDoS attacks and build their infrastructures accordingly.