sw.l33t-milf.info( 100k reptile bots spreading via ms exploit)

This is one of the biggest irc botnets still active 13 leafs full of bots
I estimated the botnet size to 100k considering the number of leafs 13 but the real size can be bigger

Domain names used to control bots:

sw.l33t-milf.info
pics.l33t-ppl.info

Resolved : [sw.l33t-milf.info] To [95.48.93.250]
Resolved : [sw.l33t-milf.info] To [85.159.163.42]
Resolved : [sw.l33t-milf.info] To [208.125.158.219]
Resolved : [sw.l33t-milf.info] To [212.170.205.179]
Resolved : [sw.l33t-milf.info] To [80.2.60.232]
Resolved : [sw.l33t-milf.info] To [192.117.148.103]
Resolved : [sw.l33t-milf.info] To [46.214.145.230]
Resolved : [sw.l33t-milf.info] To [94.156.162.165]
Resolved : [sw.l33t-milf.info] To [59.180.210.189]
Resolved : [sw.l33t-milf.info] To [89.228.97.248]
Resolved : [sw.l33t-milf.info] To [189.35.205.123]
Resolved : [sw.l33t-milf.info] To [211.72.230.83]
Resolved : [sw.l33t-milf.info] To [139.91.102.100]

Resolved : [pics.l33t-ppl.info] To [211.72.230.83]
Resolved : [pics.l33t-ppl.info] To [212.170.205.179]
Resolved : [pics.l33t-ppl.info] To [192.117.148.103]
Resolved : [pics.l33t-ppl.info] To [94.156.162.165]
Resolved : [pics.l33t-ppl.info] To [189.35.205.123]
Resolved : [pics.l33t-ppl.info] To [208.125.158.219]
Resolved : [pics.l33t-ppl.info] To [89.228.97.248]
Resolved : [pics.l33t-ppl.info] To [85.159.163.42]
Resolved : [pics.l33t-ppl.info] To [46.214.145.230]
Resolved : [pics.l33t-ppl.info] To [81.94.153.174]
Resolved : [pics.l33t-ppl.info] To [95.48.93.250]
Resolved : [pics.l33t-ppl.info] To [59.180.210.189]
Resolved : [pics.l33t-ppl.info] To [80.2.60.232]

irc server:
sw.l33t-milf.info:6667

Now talking in #sw#
Topic On: [#sw# ] [ .dl http://dl.dropbox.com/u/66752663/v/f/ms.exe 12]
Topic By: [ Deno ]
Modes On: [ #sw# ] [ +smntMu ]
(VV) .sort
(VV) .sort

Now talking in #USA
Topic On: [ #usa ] [ .msn ATTENTION! You are infected with a msn worm, which may cause damage or in some cases loss of your files, we reccomend you download and use our free remover http://goo.gl/d7vwY ]
Topic By: [ Deno ]

pics.l33t-ppl.info:6667

NICK {iNF-00-USA-XP-COMP-2129}
USER TbT * 0 :COMP
JOIN ##TBT
NICK {00-USA-XP-COMP-5805}
PRIVMSG {00-USA-XP-COMP-..@ :[Current task] Idling [System uptime] 0 days (00 hours & 01 mins) [Bot Uptime] 0 days (00 hours & 00 mins)

Now talking in ##TBT
Topic O: [ ##TBT ] [ .scan SVRSVC_BRUTE 100 5 0 -b -r ]
Topic By: [ Deno ]
Modes On: [ ##TBT ] [ +smntMuN 12]

Samples:
Download
Download
Download
Download
Download

alot of people claiming to be “coders” around hecking boards say that ircd is dead is old etc but look at irc here 13 leafs full of infected machines exploiting windows vulnerabilities
this reptile mod by the owner of this botnet wich is named Dee is better then any “private” bot like ngrBot or other shit being sold around

Domain owners:
http://whois.domaintools.com/l33t-milf.info
http://whois.domaintools.com/l33t-ppl.info theyre both registered with http://www.enom.com
let’s see if eNom will shut them down or just ignore the abuses i allready send to them

Emails used to register these domains:
Domain Name:L33T-PPL.INFO
Admin Email:admin.dalnet@gmail.com

Domain Name:L33T-MILF.INFO
Admin Email:i78@hotmail.com