Blue Mountain victim of virus hoax

Blue Mountain Arts became an internationally known greeting card company thanks to the Internet's amazing power as an instant global communication tool. But Executive Director Jared Schultz today finds he's fighting hard against that very same power.

An e-mail flying around the Internet suggests recipients who open a Blue Mountain Web card will infect their computer with a virus. It's just a hoax, but the marketing campaign the company has been forced to mount to fight it shows how fragile a Web company's business can be in a medium where anyone can tell the world anything almost instantly.

Blue Mountain became aware of the hoax when e-mails from customers began trickling in Feb. 25. It didn't seem very serious, but in three weeks, the trickle has swelled to "tens of thousands of notes" from customers asking if the story were true. "And for every one who writes, who knows how many don't bother to?" says Schultz.

"We didn't realize how quickly something like this could spread," Schultz said, aware of the irony -- Blue Mountain formed its business around the Net's immediacy and reach. "We have learned a little more about the nature of the Internet."

The keyboard as a weapon
Hoaxes are as old as the Net itself, but most are relatively harmless. Even last year's Nike hoax, which promised recipients they'd get brand-new sneakers if they they sent old ones to Nike, cost only some extra postage for the 7,000 folks who fell for it.

But the Blue Mountain hoax is different. It shows one person, armed with a keyboard, can threaten a company's core business.

The once-tiny greeting card company has been around in paper form for 30 years but in 1996 became one of the first Web sites to offer free Net greetings. That vaulted the company into the top 10 most visited Web sites. It now delivers 1 million virtual greetings a day, and Schultz says virtual cards are the future of the company.

But the Blue Mountain Arts hoax cut right at that business. A typical message:

"Just wanted to forward along some info I received today from a VERY reliable source. Do not open cards from Blue Mountain Arts until further notice. Apparently a hacker got into their system and it's infected. If you open cards from them, your system crashes.....Pass this on to anyone you may know that uses Blue Mountain...."

Hoax spreading like wildfire
There's no known way to get a virus by retrieving a Blue Mountain card. Blue Mountain does not send out e-mail attachments, the usual method for virus transmission. Instead, card recipients get an e-mail notification which points them to a Web page. The Web page cards transmit no executable code to the visitor, meaning there's no way for a recipient to receive a virus.

One caveat: if you're tricked into visiting a Web page that looks like a Blue Mountain page but actually is an imitator set up to infect visitors through a bait-and-switch tactic known as "spoofing."

Nevertheless, the Blue Mountain hoax has spread like wildfire around the Net -- via e-mail, mail list postings, and Usenet messages. It's easy to find Newsgroup posters who've fallen for it ("Ooh thanks! I use that all the time!" writes one poster.

"This one is malicious. This one hurts us directly," said Schultz. And like a genie that has gotten out of a bottle, it's nearly impossible to correct disinformation that's spread around the Net.

Fortunately, the company is in a position to fight back. Every one of its 1 million daily greeting cards contains a message explaining that Blue Mountain cards are safe. The company also has information posted on its Web site. The counter-information campaign has been successful, and Schultz says the hoax has largely been beaten back.

"But if we were a little smaller, we would have had a lot more difficulty. It could easily have been the death knell of a smaller company with less resources to fight it," he said.

A reality check
This is far from the only hoax attack on a company, according to Rob Rosenberger, who maintains a popular virus myths page. The Bloat Virus, for example, suggests MP3 audio files can infect a computer, causing the user's hard drive to overfill. (More details from MP3.com.)

That hoax appears much more credible -- its press release-style sounds very authoritative, and it cites a non-existent but believable virus company named "Internet Western Associates."

"People need to have their cluemeter on," Rosenberger said. "Everything on the Internet needs a reality check."

Symantec Corp., which provides virus protection for Blue Mountain, suggested such hoaxes might not be able to exact a devastating impact on popular Web sites.

"People have a short memory on these things," he said. Given the number of times the Good Times virus hoax has resurfaced, that seems reasonable. "So it could have a short-term impact, but the company's reputation is so large that it won't have a long-term effect."

Still, Good Times also proves e-mail hoaxes never go away, so it's likely Blue Mountain will have to beat back this rumor for years to come.