I was notified earlier about tracox.pwnz.org, which has been reported as a botnet C&C for the Spybot.AVEO infection (Trend Micro has it pegged as WORM_IRCBOT.ABJ). After reading up on this, I'd strongly urge everyone to blackhole it ASAP.
Trend Micro's writeup also has a reference to its contacting r30686.ovh.net (yep, OVH again), which resides at 126.96.36.199, so I'd suggest blackholing that one too. This IP houses;
Not only does this worm steal gaming-related details from the infected computer, it also monitors for specific sites such as banks, PayPal, RapidShare, etc., and attempts to spread across network shares.
You can read the full details on this one at;
Finland's CERT also has a writeup (translated) referencing the OVH IP as being part of the "Chuck Norris" infection;
Incidentally, if anyone has a sample of this, please drop me an e-mail.