WARNING: Do NOT Download Waterkids “Recruiting” Script

DO NOT DOWNLOAD WATERKIDS “RECRUITING” SCRIPT

A CPA Legend is someone that troops and leaders are supposed to look up too. These are the people who are at the “head” of our community, the ones who have done no wrong. Someone who purposely tries to RAT and DDoS loyal troops and fellow members of this community, is no legend. CPAC shouldn’t have to make posts like this, protecting troops and others from their own leader and CPA Legend.

Light Troops leader, Waterkid100, recently released his “Recruiting Script” that he uses on Club Penguin. Turns out that once you download this, it is not a working recruiting script, but it is a RAT that will infect your computer. Installing this will give Waterkid100 full access to your computer. We at CPAC highly suggest you do not download this.

The reasoning behind Waterkid posting this is unknown. Club Penguin already hates us and what we do, posting highly dangerous files on your website full of recruits and viewers is just selfish and disgusting. Not much to say about this, disappointing is really it. Look below for proof.

Sorry for anybody who have been affected by this, my bad for not getting this post out quicker. I hope you can resolve the issue soon.

  1. Analysis of “LTRecruiterV3.exe”
// Synopsis //
This file is a RAT which connects as an IRC bot to a botnet based on a server in the Netherlands. This is obvious due to outbound network requests[2] connecting to an outside server (spinux.net / 185.62.189.128:6667). That server is protected by Cloudflare and likely registered under a false name[3].
Further proof is seen where it enters strings into memory which are built into it, such as “usage: !ddos get http://example.com/ port length threads” which is documentation for a DDoS command, and “%USERPROFILE%DocumentsVisual Studio 2015ProjectsBotnetTestBotnetTestobjReleaseWINEP4.pdb” from when it was developed in Visual Studio.[2] Additional proof is seen in the strings “https://api.imgur.com/3/upload.xml” and “Error capturing screenshot! [{0}]”, a tool to capture screenshots of the infected computer and automatically upload them to imgur, similar to Lightshot.[2]
Additionally this file showed a score of 5/56 when first checked on VirusTotal but now shows 7/56[1], which shows that while it was originally FuD likely by using a crypter, it has already been caught on to by a few virus labs.
// Sources //
[1] VirusTotal: http://bit.ly/1TtG7MT
[2] PayloadSecurity: http://bit.ly/1QxQ7QD
Credit: Serpent
mUxewGl
What are your thoughts on this? Who do you think got infected? What will come of this?
Trader
Editor in Chief

68 Responses

  1. first

    Like

  2. Credit to NW. The reason why they made zero money off it was simply because it didn’t work. (We have a working one and have made several sales. Armies can testify to this.) They’ve tried this before. It was given to Elm and it was obviously a RAT since nothing happened after he downloaded it. Ace downloads it today being the person he is and the same thing happens. Adam tried to give it to Toy who opened it in a virtual box and we watched as anti-virus messages popped up. This is pathetic really. The community doesn’t remember that LT was the most hated army in 2014 due to their affiliation with Camelogical(adam) who raided every single army event. Note that Adam is still present to this day. So why are they glorified today?

    The first warning sign is right in their post where they refuse to offer you help if you can’t get the “script” working. The only incentive for armies to download the script would be the cp memberships as many armies have scripts of their own. But why would Water give 200 memberships away to armies when he paid for them? The second is obviously the .exe if you were dumb enough to continue further.

    The saying goes that if something is too good to be true, then it probably is. Be smart and protect yourselves. An army like LT with nothing to lose wouldn’t fear the consequences of taking advantage of their own recruits and the cpa community.

    Like

    • Well, luckily I hate Waterkid (no offense) and my computer is broken lately. I also think they Waterkid did that so other troops would get infected and he can multilog. If I am Waterkid, doing so would help me multilog by using computers with the CP usernames and password saved in their computer and would just go in multilogging when users are not in CP that time because of work or something like that.

      Like

      • Isn’t that what RATing does? Provides someone with access to someone’s computer, personal info, etc. Remember when Cody’s WordPress account got RATed in June and Zack was able to access his account to deface IW? Something like that. 😉

        Like

  3. Damn Waterkid, back at it again with being a little bitch

    Like

  4. Waterkid is always a bitch.

    Like

  5. Reblogged this on CP Night Rebellion and commented:
    Watch what you were going guys. Never click any links that Water gives you.

    Like

  6. Reblogged this on Night Warriors || Official NW Of Club Penguin and commented:
    LT reveals their true intentions.

    Like

  7. you prolly only infected a couple people

    seen better

    weakkkkkkkk

    Liked by 1 person

  8. ok or trader just doesn’t want us using it

    Like

  9. I suggest banning waterkid and any of his affiliations with an army that he has banned forever. That crying teenager does this often. It gets on my nerves.

    Like

  10. Lol hasn’t he done this before

    Like

  11. Reblogged this on DCP Doritos Army of club penguin and commented:
    Do not download it, and if Waterkid or anyone else links you anything suspicious, don’t click it and report it to the owner of whatever chat it is on.

    Like

  12. For once, I’m on Drake’s side on this, as well as Possum’s. Waterkid, why do u do this? I’m seriously disappointed in you.

    Like

  13. Laughing

    Like

  14. and yet we continue to let listen to waterkid and never just ignore him

    Like

  15. Remind me why Waterkid is still in cp armies?

    Like

  16. Water kid is being a little bitch. His every day thing wake up five kids computers viruses try to troll leaders and go to bed. #WATERKID4JAIL

    Like

  17. This is one reason why I left this dumb ass army shit.

    Liked by 1 person

  18. any1 remember the program qwerty made?

    Like

  19. Blow down his door and arrest him. He deserves it.

    Like

  20. wow. CPA is still alive?

    Like

  21. Waterkid, as its name conveys, takes a kid’s game too seriously.

    But hey, on the bright side, he might have just provided a panacea and helped eliminate those who exploit the use of bots and auto-typing.

    Cancer against cancer I guess.
    But really though, get a life, Waterkid.

    Like

  22. I wish phin had downloaded it 😦

    Liked by 1 person

  23. As someone studying computer science, (or planning on) let me help all of you out by telling you don’t click links that aren’t prntscr, imgur, photo bucket, YouTube, CPAC posts, any army posts. Anything that isn’t one of those should be asked upon an owner, or simply just scan the link to see if it’s safe. 🙂

    Like

    • Gyazo links are safe too.

      Like

    • Any link can be encrypted with an IP logger. Even an army post.

      Like

      • Yes, lets go back to 2011 when SaW created an IP grabber from the dwarmy.com and that everyone didn’t notic. As you know – SaW was known as an Ddoser and RAT other people back in the day, he did this to many people, as well as trying to threat others for powers. So yeah, Drake is right. Any link can be encrypted with an IP logger, and this was the reason that is happening today. You should look for yourself, AND at your own risk and never get RAT ever again. This happens to me once back in the day, and this army is called Ice Warriors. I was editor of their site, and half of the pages from IW site got deleted, and the post were being deleted – lost couple of them, as well as the comments. Jessie also RAT me when l download her weird link, l fell for it. So please, never click any links from other people that you shouldn’t trust for, only the REAL links.

        Like

    • Don’t worry, I will lol

      Like

  24. Why is water still in armies

    Like

  25. What did anyone expect? Honestly?

    It only took how long for CPAC to realize what he was like- oh, four years?

    The fact that this death-threatening, rape-joking, backstabbing, bipolar mess made it to legend status just makes me sick.

    Liked by 1 person

  26. You could easily tell it was a RAT. Anything on Filedropper that is an .exe file should be a huge giveaway.

    Liked by 1 person

  27. guess what jealous people water is the only guy who helps u get everything and u faggots have no job just getting jealous dude ur not too smart ur a racist jealous guy fucking idiots i hate CPAC ok i love waterkid and his group CPAC is nothing as compared to our light troops and marines u dumb fucking heads cpac is not nice guys cpac members join our light troops to get codes

    Liked by 1 person

  28. What a beautiful example of karma. Screw Waterkid for doing this, but lesson be learned: hacking is bad kids. It’s time to end the hacking in the CPA community. Death to bots. Stop the multilogging. Play with honesty. Compete with integrity. Like they did back in 2010.

    Like

  29. Many idiots have been infected by his lies.

    A destroyed computer is nothing. It is worse if you show you are an idiot by clicking any link you please to click.

    Like

What do YOU think? Comment your opinion!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: