[Warning] New sort of scam active in Runescape!

[Ravallo]

Heads up!
It looks like a new sort of scam is becoming popular among Runescape phishers: 'Java drive-by's'.


What is a Java drive-by?
A Java drive-by is a Java Applet put on a website, once you click "Run" on the popup a file will be downloaded.
This file can be a virus, you might be automatically connected to a RAT or keylogger.


How am I being infected?
Players in Runescape ask you to visit a link, once you visit this link you will be asked to click "Run" on the Java popup.
These links range from 'free items!', to 'high risk PK'ing'. Best bet is not to browse to websites advertised in Runescape.

Note: I've heard about 'silent drive-by's' aswell, these are claimed to be 100% FUD and thus don't need you to click "Run".
Instead, as soon as you run their Java applet (for example a RSPS webclient) the file will be downloaded.


I think I might have been infected! What can I do?
When you think you may have been infected, make sure to run an Antivirus scan, a Malware (CCleaner or Spybot S&D) scan and you could run 'ComboFix' if you want to make absolutely sure you're clean. Reinstall Java aswell.
(ComboFix | freeware)



Since this whole business is relatively new to Runescape, there isn't as much information available as I had hoped.
Please just make sure to keep this in mind, whenever you're asked to Run Java on a website you don't fully trust.

If you have anything else to add let me know.

[crecendo]

THANK YOU REALLY MUCH!

[lewis188]

I don't think these are new, I saw somebody advertising one on a RSPS before and I stupidly run it and got a keylogger luckily it wasn't coded very well.

[Son Goku]

@Ravallo I've had one of these before. It was when I was buying a membership pin, he activated it, switched to a web browser, put in the link and the java popup came up and he clicked allow.
Basically since that, I never logged on my account until I got rid of the file, I knew I was keylogged because he somehow got my Skype name etc.

If you want to remove them I suggest doing it this way.

Code:

Open Task Manager
Untick Show All Processes(System processes)
Scroll to the bottom
Look for any processes with dodgy names or with spelling errors. e.g Winlogin.exe when actually its Winlogon.
Once you have identified the Process click open file location, then end the process.
In the file location, DELETE THE FILE. (You have to end the process before deletion or it won't let you).

[zhup0001]

lol i never use my gaming pc to bay pills or anything like that just buy a cheap pc and get best antivirus u get

[iMexi]

I used to do this.. Sorry for saying.
The thing is, me and my friend had an rsps and we desperately needed RSGP, the donations off the client (about 170$) weren't enough to buy us some since we needed to pay off the VPS. We had a VPN and instead of living in Belgium, we lived in ohio on a farm .

We just got close to rich people and asked 'em to join our RSPS. Mainly, they downloaded the client on their pc, so we couldn't do much. We tried to advertise our website as much as possible and indeed as you said : they click run and they're infected. We hacked about 16b, but I didn't receive much cause my friend did most of the work. (We stopped about 4months ago).

But there's one thing wrong with what you say @Ravallo. You don't detect the RAT that easy. A keylogger can be detected in like 1-3 days. A RAT on the otherhand can only be detected after 2 weeks (only with Avast and Avira, all the other anti-virusses need 3weeks+). You don't know if you're infected or not, so guys, please be carefull doing stuff like that.

Me and my friend stopped doing this, since we felt quite guilty about it. (Altough we had 10b+ from lurers, so that's their own fault)

[Sjoerd]

Thanks for ruining my business ravallo

I used to do this.. Sorry for saying.
The thing is, me and my friend had an rsps and we desperately needed RSGP, the donations off the client (about 170$) weren't enough to buy us some since we needed to pay off the VPS. We had a VPN and instead of living in Belgium, we lived in ohio on a farm .

We just got close to rich people and asked 'em to join our RSPS. Mainly, they downloaded the client on their pc, so we couldn't do much. We tried to advertise our website as much as possible and indeed as you said : they click run and they're infected. We hacked about 16b, but I didn't receive much cause my friend did most of the work. (We stopped about 4months ago).

But there's one thing wrong with what you say @Ravallo. You don't detect the RAT that easy. A keylogger can be detected in like 1-3 days. A RAT on the otherhand can only be detected after 2 weeks (only with Avast and Avira, all the other anti-virusses need 3weeks+). You don't know if you're infected or not, so guys, please be carefull doing stuff like that.

Me and my friend stopped doing this, since we felt quite guilty about it. (Altough we had 10b+ from lurers, so that's their own fault)

that totally depends on the crypter noob

[Ravallo]

Thanks for ruining my business ravallo

My Pleasure

[Markus]

Ravallo also add this
I've seen whenever im pking that lvl 3's always yell '' Live high risk pking , youtube : xxxxxxxxx ''
in the vid description there is a link to runestream.com what wants u to press run for java.
also seen dungeoneering glitches, money generators, live luring with the java driveby advertisors.
My point : Never press any links u find out in rs.

[alex606516]

lmao thanks for the share. this should help those idiots o.x

[Bayzo]

Been using my Jdb to Rat kids for thier banks for a long time now, nothing new o.o

[Ravallo]

Been using my Jdb to Rat kids for thier banks for a long time now, nothing new o.o

Not as in it was invented recently, just that it seems to be an increasing threat on Runescape and thus something to worry about more.

[real_new_user]

This scam isn't too bad if you are thinking clearly (i mean really, who would follow a link posted in runescape)
problem is the majority of runescape players either arn't too bright or are too young to understand following a link like that is a bad move, but hey, it happens to the best players (rarely)

[DisneyPixels]

Thank you ravallo

[deathr3in]

thanks I was about to click run java for free premium items but i was scared and i was tempted so the next day I clicked on mpgh to see if their are any hacks like that so i went and found this thread, read it and i feel great nowq thanks