IDG News Service - Buying tickets online for Tom Cruise's latest movie became a Mission: Impossible for some theater goers last weekend thanks to a computer virus that gummed up ticket-buying in the Southeastern U.S.
The virus popped up late Friday afternoon, disabling operations of Muvico Theatres Inc., a small regional chain based in Fort Lauderdale, Fla. Hackers hit Muvico's Internet servers just as the company was gearing up for its busy weekend period, inconveniencing "thousands of moviegoers," said John Spano, a Muvico spokesman.
The malicious software disabled Muvico.com's showtime-listing and ticket-purchasing features, and then spread to the company's point-of-sale systems, halting credit card transactions at Muvico's 12 megaplex theatres in Florida, Maryland and Tennessee.
"If people showed up with a credit card and they did not have cash, then they had to be turned away, because we had no way of selling them a ticket," Spano said.
Muvico's headquarters was empty at the time of the attack, because a fire alarm had been triggered just 25 minutes before the malware hit, Spano said. The company doesn't know whether the alarm was related to the attack or whether the attack was an inside job, he said.
Spano could not say how much money the company had lost because of the attack, which is now being investigated by the FBI.
Though the company's point-of-sale systems are now coming back online, the Web site's show-listing and ticket-selling features remained inaccessible yesterday.
The attacks were designed to gum up operations and not steal customer information, Spano said. "Nobody's credit card numbers were compromised; There was no identity theft," he said.
Attackers may have had an easier time cracking the Muvico.com Web server because it is running Windows 2000, said Rich Miller, an analyst at Web tracking company Netcraft Ltd. Windows 2000 is an older version of Microsoft Corp.'s operating system, and it has been the subject of frequent widespread attacks, including last year's Zotob virus.
"Microsoft still supports Windows 2000 to the extent that if you're current, you should be well-protected. But it is less secure than Windows Server 2003," Miller said. Still, there remain a "substantial number of Web sites that continue to run on Windows 2000," he said.
While most companies keep quiet about such attacks, Muvico took the unusual step of issuing a press release announcing that it had been hacked because it felt that it owed customers an explanation after the service disruptions last weekend.
"We went public with it because of the fact that Muvico is known for our exceptional customer service," Spano said. "It affected our guests, and for us, that's the largest target. We had very unhappy guests last weekend."
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
