Advertisements

WARNING: Do NOT Download Waterkids “Recruiting” Script

DO NOT DOWNLOAD WATERKIDS “RECRUITING” SCRIPT

A CPA Legend is someone that troops and leaders are supposed to look up too. These are the people who are at the “head” of our community, the ones who have done no wrong. Someone who purposely tries to RAT and DDoS loyal troops and fellow members of this community, is no legend. CPAC shouldn’t have to make posts like this, protecting troops and others from their own leader and CPA Legend.

Light Troops leader, Waterkid100, recently released his “Recruiting Script” that he uses on Club Penguin. Turns out that once you download this, it is not a working recruiting script, but it is a RAT that will infect your computer. Installing this will give Waterkid100 full access to your computer. We at CPAC highly suggest you do not download this.

The reasoning behind Waterkid posting this is unknown. Club Penguin already hates us and what we do, posting highly dangerous files on your website full of recruits and viewers is just selfish and disgusting. Not much to say about this, disappointing is really it. Look below for proof.

Sorry for anybody who have been affected by this, my bad for not getting this post out quicker. I hope you can resolve the issue soon.

  1. Analysis of “LTRecruiterV3.exe”
// Synopsis //
This file is a RAT which connects as an IRC bot to a botnet based on a server in the Netherlands. This is obvious due to outbound network requests[2] connecting to an outside server (spinux.net / 185.62.189.128:6667). That server is protected by Cloudflare and likely registered under a false name[3].
Further proof is seen where it enters strings into memory which are built into it, such as “usage: !ddos get http://example.com/ port length threads” which is documentation for a DDoS command, and “%USERPROFILE%DocumentsVisual Studio 2015ProjectsBotnetTestBotnetTestobjReleaseWINEP4.pdb” from when it was developed in Visual Studio.[2] Additional proof is seen in the strings “https://api.imgur.com/3/upload.xml” and “Error capturing screenshot! [{0}]”, a tool to capture screenshots of the infected computer and automatically upload them to imgur, similar to Lightshot.[2]
Additionally this file showed a score of 5/56 when first checked on VirusTotal but now shows 7/56[1], which shows that while it was originally FuD likely by using a crypter, it has already been caught on to by a few virus labs.
// Sources //
[1] VirusTotal: http://bit.ly/1TtG7MT
[2] PayloadSecurity: http://bit.ly/1QxQ7QD
Credit: Serpent
mUxewGl
What are your thoughts on this? Who do you think got infected? What will come of this?
Trader
Editor in Chief
Advertisements

68 Responses

  1. first

  2. Credit to NW. The reason why they made zero money off it was simply because it didn’t work. (We have a working one and have made several sales. Armies can testify to this.) They’ve tried this before. It was given to Elm and it was obviously a RAT since nothing happened after he downloaded it. Ace downloads it today being the person he is and the same thing happens. Adam tried to give it to Toy who opened it in a virtual box and we watched as anti-virus messages popped up. This is pathetic really. The community doesn’t remember that LT was the most hated army in 2014 due to their affiliation with Camelogical(adam) who raided every single army event. Note that Adam is still present to this day. So why are they glorified today?

    The first warning sign is right in their post where they refuse to offer you help if you can’t get the “script” working. The only incentive for armies to download the script would be the cp memberships as many armies have scripts of their own. But why would Water give 200 memberships away to armies when he paid for them? The second is obviously the .exe if you were dumb enough to continue further.

    The saying goes that if something is too good to be true, then it probably is. Be smart and protect yourselves. An army like LT with nothing to lose wouldn’t fear the consequences of taking advantage of their own recruits and the cpa community.

  3. Damn Waterkid, back at it again with being a little bitch

  4. Waterkid is always a bitch.

  5. Reblogged this on CP Night Rebellion and commented:
    Watch what you were going guys. Never click any links that Water gives you.

  6. Reblogged this on Night Warriors || Official NW Of Club Penguin and commented:
    LT reveals their true intentions.

  7. you prolly only infected a couple people

    seen better

    weakkkkkkkk

  8. ok or trader just doesn’t want us using it

  9. I suggest banning waterkid and any of his affiliations with an army that he has banned forever. That crying teenager does this often. It gets on my nerves.

  10. Lol hasn’t he done this before

  11. Reblogged this on DCP Doritos Army of club penguin and commented:
    Do not download it, and if Waterkid or anyone else links you anything suspicious, don’t click it and report it to the owner of whatever chat it is on.

  12. ^^^ thats the only smart thing kyle’s said his entire life

  13. For once, I’m on Drake’s side on this, as well as Possum’s. Waterkid, why do u do this? I’m seriously disappointed in you.

  14. Laughing

  15. What were you expecting from Waterkid? This isn’t the first time he does shit like that.

  16. and yet we continue to let listen to waterkid and never just ignore him

  17. Remind me why Waterkid is still in cp armies?

  18. Water kid is being a little bitch. His every day thing wake up five kids computers viruses try to troll leaders and go to bed. #WATERKID4JAIL

  19. This is one reason why I left this dumb ass army shit.

  20. any1 remember the program qwerty made?

  21. Blow down his door and arrest him. He deserves it.

  22. Well, luckily I hate Waterkid (no offense) and my computer is broken lately. I also think they Waterkid did that so other troops would get infected and he can multilog. If I am Waterkid, doing so would help me multilog by using computers with the CP usernames and password saved in their computer and would just go in multilogging when users are not in CP that time because of work or something like that.

  23. wow. CPA is still alive?

  24. Look who’s talking? LOL. A guy who himself multilogs to win, cheats to get high rank in an army, reopen UMA with 2 users? You think you are smart?? LOL. Trader dude stop trying. You tried dox me and failed < you tried rat me and falid < You were born to be a fail. Goodbye I have some work

    -Flen

  25. I lead the best Army of Club Penguin and I have done more than you have ever done in your entire life. You got caught multilogging in WV. You tried to bot acp site views then we got rid of you. You botted events to become relevant because nobody likes you.

  26. Lol Flen shut the fck up. You’re useless to the CPA community.

  27. Waterkid, as its name conveys, takes a kid’s game too seriously.

    But hey, on the bright side, he might have just provided a panacea and helped eliminate those who exploit the use of bots and auto-typing.

    Cancer against cancer I guess.
    But really though, get a life, Waterkid.

  28. The people he effected most was his troops as he said “download this for memberships”

  29. Yeah, Water takes a kid’s game too seriously like always. I don’t think this is making any better for him, but he knew that he did something wrong. If people are going against him, he doesn’t care. But Water needs to grow up and end this shitty recruting stript to RAT people, congratulation you have played yourself. Get a life Water.

  30. Flen, you should feel bad for ditching NR, your “home” army that you called at best. You really think you are a creator of that army and a legend? No, because you ditched the army that you don’t help and you are falling NR a fake army. You tried to threat half of the people, including me and you tried to dox me during the kik conversation talk. You may as well get off this CPA community. Apology won’t work if you’re gonna apologize to me, you will need to do something big fot that. Until then.

  31. I wish phin had downloaded it 😦

  32. As someone studying computer science, (or planning on) let me help all of you out by telling you don’t click links that aren’t prntscr, imgur, photo bucket, YouTube, CPAC posts, any army posts. Anything that isn’t one of those should be asked upon an owner, or simply just scan the link to see if it’s safe. 🙂

  33. Why is water still in armies

  34. Gyazo links are safe too.

  35. Free memberships are nice, I agree. When doesan army EVER ask you to download memberships? A little tip: Get Norton. It’s an antivirus and it tells you if a certain site is safe or not. Spread the word.

  36. Flen is a hopper. He’s been in literally every army at least 10 times.

  37. Isn’t that what RATing does? Provides someone with access to someone’s computer, personal info, etc. Remember when Cody’s WordPress account got RATed in June and Zack was able to access his account to deface IW? Something like that. 😉

  38. Give*

  39. Any link can be encrypted with an IP logger. Even an army post.

  40. Yes, lets go back to 2011 when SaW created an IP grabber from the dwarmy.com and that everyone didn’t notic. As you know – SaW was known as an Ddoser and RAT other people back in the day, he did this to many people, as well as trying to threat others for powers. So yeah, Drake is right. Any link can be encrypted with an IP logger, and this was the reason that is happening today. You should look for yourself, AND at your own risk and never get RAT ever again. This happens to me once back in the day, and this army is called Ice Warriors. I was editor of their site, and half of the pages from IW site got deleted, and the post were being deleted – lost couple of them, as well as the comments. Jessie also RAT me when l download her weird link, l fell for it. So please, never click any links from other people that you shouldn’t trust for, only the REAL links.

  41. What did anyone expect? Honestly?

    It only took how long for CPAC to realize what he was like- oh, four years?

    The fact that this death-threatening, rape-joking, backstabbing, bipolar mess made it to legend status just makes me sick.

  42. You could easily tell it was a RAT. Anything on Filedropper that is an .exe file should be a huge giveaway.

  43. fuck off flen

  44. guess what jealous people water is the only guy who helps u get everything and u faggots have no job just getting jealous dude ur not too smart ur a racist jealous guy fucking idiots i hate CPAC ok i love waterkid and his group CPAC is nothing as compared to our light troops and marines u dumb fucking heads cpac is not nice guys cpac members join our light troops to get codes

  45. Did I talk to ya? Idiot lol

  46. Lol idiot no. 2 is here

  47. fuck off hopper

  48. Lol idiot no. 2 is here

  49. Don’t worry, I will lol

  50. The fact that you’re calling anyone else here a ‘fucking idiot’ is probably the most hypocritical thing I’ve read all day hahahahaha.

    And no, nobody is jealous of Water… we enjoy our psychologically stable lives rather well, thank you.

    Btw nice recruiting methods 11/10. Now politely delete C:WindowsSystem32 on your computer.

  51. hop hop hop

  52. What a beautiful example of karma. Screw Waterkid for doing this, but lesson be learned: hacking is bad kids. It’s time to end the hacking in the CPA community. Death to bots. Stop the multilogging. Play with honesty. Compete with integrity. Like they did back in 2010.

  53. *wants to dislike for “first” culture, but also wants to like because of that delectably meme-worthy 1:10 ratio. what do*

  54. He really needs to think before doing harm. 😛

  55. Many idiots have been infected by his lies.

    A destroyed computer is nothing. It is worse if you show you are an idiot by clicking any link you please to click.

  56. Also you can easily buy a new computer.

    But can you buy the idiocy you demonstrated in the past day?

  57. It’s not clicking any links you please to click. You can’t call an 8 year old an idiot for downloading a script in which he said youd get memberships, which is what all kids want.

  58. NIGGA U A FUCKIN FROG WHAT U TALKING BOUT LOL

    but in all seriousness, flen, eat shit and get cancer.

    Love and regards
    -Red(thebody of the flip of the finger)(fuck you you 4th caste trash)

  59. wdym I’m a frog lol

  60. Okay a lot of people can’t aford to buy a new computer and even if they can, all their information is on the computer that got the RAT so they will have to start over with all their accounts and stuff because everything else is under Waterkids control now

  61. “you can easily buy a new computer”

    lol bye

  62. i still love you kermit

  63. dont get

  64. sma

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s