May 1, Krebs on Security (International) Service automates boobytrapping of hacked sites. One aspect of hacks seldom examined is the method by which attackers automate the booby-trapping and maintenance of their hijacked sites. This is another aspect of the cybercriminal economy that can be outsourced to third-party services. Often known as “iFramers,” such services can simplify the task of managing large numbers of hacked sites that are used to drive traffic to sites that distribute malware and browser exploits. A decent iFramer service will allow customers to verify large lists of file transfer protocol (FTP) credentials used to administer hacked Web sites, scrubbing lists of invalid credential pairs. The service will then upload the customer’s malware and malicious scripts to the hacked site, and check each link to ensure the trap is properly set. Currently, a huge percentage of malware in the wild has the built-in ability to steal FTP credentials from infected PCs. This is possible because those who administer Web sites often use FTP software to upload files and images, and allow those programs to store their FTP passwords. Thus, many modern malware variants will simply search for popular FTP programs on the victim’s system and extract any stored credentials. Some services offer a menu of extras to help customers maintain their Web-based minefields.