This is news to me.

Windows has for many years had a feature called "alternate data streams" whereby one or more files can in effect be hidden within another file or folder. These alternate data streams aren't regular hidden files and aren't displayed in Windows Explorer. One way of seeing them is to use the "dir" command with the "/r" switch, in a command window.
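As an added example (not part of the original post), this Python sketch goes one step beyond running the command by hand: it parses saved `dir /r` output and lists every alternate data stream it finds, marking the `Zone.Identifier` stream that Windows itself attaches to downloaded files as expected. The sample listing is constructed, the function and constant names are this example's own, and the parser assumes English-locale output.

```python
import re

# In `dir /r` output a stream line has no date/time column: only a size
# followed by <host name>:<stream name>:$DATA.
STREAM_LINE = re.compile(r"^\s+([\d.,]+)\s+(.+):([^:]+):\$DATA\s*$")
DIR_LINE = re.compile(r"^\s*Directory of (.+?)\s*$")  # assumes English locale

# Zone.Identifier is written by Windows on files that came from the network.
EXPECTED_STREAMS = {"Zone.Identifier"}

# Constructed sample of `dir /r` output (not taken from a real host).
SAMPLE = r"""
 Directory of C:\Users\test\Downloads

09/01/2017  10:15 AM    <DIR>          .
09/01/2017  10:15 AM    <DIR>          ..
09/01/2017  10:02 AM                12 notes.txt
                                 4,096 notes.txt:payload.bin:$DATA
09/01/2017  10:05 AM           184,320 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
               2 File(s)        184,332 bytes
"""

def find_streams(dir_r_output):
    """Return one dict per alternate data stream listed in `dir /r` text."""
    findings = []
    directory = None
    for line in dir_r_output.splitlines():
        m = DIR_LINE.match(line)
        if m:
            directory = m.group(1)  # remember which folder the entries belong to
            continue
        m = STREAM_LINE.match(line)
        if m:
            size, host, stream = m.groups()
            findings.append({
                "directory": directory,
                "host": host,
                "stream": stream,
                "size": int(re.sub(r"[.,]", "", size)),  # drop thousands separators
                "expected": stream in EXPECTED_STREAMS,
            })
    return findings

def unexpected_streams(dir_r_output):
    """Streams worth a closer look: everything except the expected names."""
    return [f for f in find_streams(dir_r_output) if not f["expected"]]

if __name__ == "__main__":
    for f in unexpected_streams(SAMPLE):
        print(f'{f["directory"]}\\{f["host"]}:{f["stream"]} ({f["size"]} bytes)')
```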

More details here: Hide sensitive files with Alternate Data Streams.

Why questionable downloads use rar archives - Len Boyette explains that when malware is hidden by means of alternate data streams within WinRAR archives, many anti-virus programs are not able to detect it.


via andrewducker
