This is news to me.

Windows has for many years had a feature called "alternate data streams" whereby one or more files can in effect be hidden within another file or folder. These alternate data streams aren't regular hidden files and aren't displayed in Windows Explorer. One way of seeing them is to use the "dir" command with the "/r" switch, in a command window.
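The same check as `dir /r`, scripted so it can sweep a whole folder tree. This is an added example, not code from the original post; the function name `Find-AlternateDataStream`, its parameters and the `ads-demo` sample folder are hypothetical, and it covers files only, on an NTFS volume with Windows PowerShell 3.0 or later.

```powershell
# Added example: report files that carry streams other than their normal content.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        # Folder to scan (hypothetical default: the current directory).
        [string]$Path = '.',
        # Also report Zone.Identifier, the stream Windows attaches to downloaded files.
        [switch]$IncludeZoneIdentifier
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns every stream; ':$DATA' is the file's ordinary content.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Where-Object { $IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
}

# Constructed sample: a text file with one extra stream, created in a temp folder.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$sample = Join-Path $demo 'notes.txt'
Set-Content -LiteralPath $sample -Value 'visible text'
Set-Content -LiteralPath $sample -Stream 'extra' -Value 'text stored in a second stream'

# Explorer and a plain "dir" show only notes.txt; this lists the 'extra' stream too.
Find-AlternateDataStream -Path $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```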

More details here: Hide sensitive files with Alternate Data Streams.

Why questionable downloads use rar archives - Len Boyette explains that when malware is hidden by means of alternate data streams within WinRAR archives, many anti-virus programs are not able to detect it.


via andrewducker

djinncoyote

February 2017
