Heads up!
It looks like a new sort of scam is becoming popular among Runescape phishers: 'Java drive-by's'.
What is a Java drive-by?
A Java drive-by is a Java Applet put on a website, once you click "Run" on the popup a file will be downloaded.
This file can be a virus, you might be automatically connected to a RAT or keylogger.
How am I being infected?
Players in Runescape ask you to visit a link, once you visit this link you will be asked to click "Run" on the Java popup.
These links range from 'free items!', to 'high risk PK'ing'. Best bet is not to browse to websites advertised in Runescape.
Note: I've heard about 'silent drive-by's' aswell, these are claimed to be 100% FUD and thus don't need you to click "Run".
Instead, as soon as you run their Java applet (for example a RSPS webclient) the file will be downloaded.
I think I might have been infected! What can I do?
When you think you may have been infected, make sure to run an Antivirus scan, a Malware (CCleaner or Spybot S&D) scan and you could run 'ComboFix' if you want to make absolutely sure you're clean. Reinstall Java aswell.
Since this whole business is relatively new to Runescape, there isn't as much information available as I had hoped.
Please just make sure to keep this in mind, whenever you're asked to Run Java on a website you don't fully trust.
If you have anything else to add let me know.