From: MarkusVester@aol.com
Date: Fri, 1 Nov 2002 16:13:46 EST
To: rsgb_lf_group@blacksheep.org
Subject: Re: Don't open "Re:LF:Capacity hat puzzle": fen-net

Hi Stewart and group,

I have just talked to Walter DJ2LF on the phone. We had in fact reinstalled the OS on his computer in September, and named it "PCVONWALTER" (not "PC"). I cross-checked this with the headers of several private messages Walter has sent to me since, and an hour ago we actually verified that the name of his machine has not been changed.

"hugo.fen-net.de" is the dial-in server of the regional provider "Freenet Erlangen-Nuernberg". So if you are using fen-net and you are on the reflector, please check if your machine's name is "PC" (e.g. Start-Einstellungen-Systemsteuerung-Netzwerk-Identifikation-Computername on a German language Win98).

Greetings
Markus, DF6NM

In an e-mail dated 01.11.02 20:30:04 (CET) Central European Time, sn@scgroup.com writes:


Hugh is also correct about the fen-net.de origin.  There are three things
about a Bugbear message that are not faked:  The outgoing mail server (here
hugo.fen-net.de aka mail.fen-net.de) is the one normally used by the victim.
The IP address (here dialin-nbg-018.fen-net.de [212.204.116.18]) is the
address the machine had when the virus was sent.  And the machine name
(here 'PC') is also not forged.
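
The check described in this thread, as an added example that is not part of the original messages: it pulls the three fields named above (machine name, dial-in address, outgoing mail server) from the earliest `Received:` header and compares the machine name with a candidate. The header layout `from NAME (RDNS [IP]) by SERVER` and the sample message are assumptions constructed for illustration; only the host names, IP address and machine names come from the thread.

```python
import re
from email import message_from_string

# Constructed sample. The "from NAME (RDNS [IP]) by SERVER" layout is an
# assumption; names and IP are the ones quoted in the thread.
SAMPLE = (
    "Received: from hugo.fen-net.de by post.thorcom.com with esmtp\n"
    "Received: from PC (dialin-nbg-018.fen-net.de [212.204.116.18])\n"
    "\tby hugo.fen-net.de with SMTP; Fri, 01 Nov 2002 20:00:00 +0000\n"
    "From: forged-sender@example.invalid\n"
    "Subject: Re:LF:Capacity hat puzzle\n"
    "\n"
    "(body omitted)\n"
)

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<server>\S+)"
)

def earliest_hop(raw_message):
    """Return helo/rdns/ip/server from the oldest parsable Received header.

    Each relay prepends its own header, so the last one in the message was
    written by the sender's outgoing mail server about the sending machine.
    """
    msg = message_from_string(raw_message)
    for value in reversed(msg.get_all("Received") or []):
        unfolded = " ".join(value.split())  # undo header line folding
        match = HOP.search(unfolded)
        if match:
            return match.groupdict()
    return None

def same_machine(hop, candidate_name):
    """Case-insensitive comparison of the announced machine name."""
    return hop is not None and hop["helo"].lower() == candidate_name.lower()

if __name__ == "__main__":
    hop = earliest_hop(SAMPLE)
    print(hop)
    # Machine name from the thread that was ruled out by this comparison
    print("PCVONWALTER matches:", same_machine(hop, "PCVONWALTER"))
```
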