Hide files using Alternate Data Streams
Windows has its share of weaknesses that a creative hacker can exploit. Microsoft incorporated the NTFS file system, which allowed for greater data compression and file storage algorithms, but a relatively little-known compatibility feature of NTFS, Alternate Data Streams (ADS), provides hackers with a method of hiding rootkits or hacker tools on a breached system and allows them to be executed without being detected by the computer user.
However dangerous it sounds, it is amazingly easy to create an ADS, and it requires little or no skill on the part of the hacker. ADS works by storing two data streams under a single file entry, and simple DOS commands like “type” are used to create an ADS. These commands are used in conjunction with a redirect [>] and colon [:] to fork one file into another.
For instance, the command
type c:\anyfile.exe > c:\winnt\system32\cmd.exe:anyfile.exe
will fork the common Windows command program with an ADS “anyfile.exe”.
One can hide files using this method, and they are almost impossible to detect.
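A plain directory listing and Windows Explorer do not show named streams, but they can be enumerated. The following is an added example, not part of the original post: a PowerShell audit that lists every named stream under a directory and flags those that begin with an executable header. The function name Get-NamedStream and the scanned path are choices made for this example.

```powershell
# Added example (not from the original post): enumerate named NTFS streams.
# Run in Windows PowerShell 3.0+ or PowerShell 7 on an NTFS volume.
# Get-NamedStream and $Root are names chosen for this example.
function Get-NamedStream {
    param(
        [Parameter(Mandatory)]
        [string]$Root
    )

    # The byte-reading switch differs between Windows PowerShell and PowerShell 6+.
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        $byteArgs = @{ AsByteStream = $true }
    } else {
        $byteArgs = @{ Encoding = 'Byte' }
    }

    # -File limits the scan to files; streams attached to directories are not covered.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns every stream; ':$DATA' is the normal file content.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    $stream = $_
                    # The first two bytes 'MZ' (0x4D 0x5A) mark a Windows executable.
                    $head = @(Get-Content -LiteralPath $file.FullName -Stream $stream.Stream `
                            -TotalCount 2 -ErrorAction SilentlyContinue @byteArgs)
                    [pscustomobject]@{
                        File       = $file.FullName
                        Stream     = $stream.Stream
                        Length     = $stream.Length
                        Executable = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                        # Zone.Identifier is the download marker that Windows adds itself.
                        Expected   = ($stream.Stream -eq 'Zone.Identifier')
                    }
                }
        }
}

# Show unexpected streams only, with executable content at the top.
Get-NamedStream -Root "$env:SystemRoot\System32" |
    Where-Object { -not $_.Expected } |
    Sort-Object Executable -Descending |
    Format-Table -AutoSize
```

On Windows Vista and later, `dir /R` in the command prompt also lists named streams alongside each file.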
POSTED BY XERO. ALL RIGHTS RESERVED.

About the author : Rishabh Dangwal
Rishabh Dangwal is a no-nonsense network geek who has got a thing for guitars, retro games and emulators. When he is not tinkering with devices and gadgets, he can be found reading novels by Frederick Forsyth.
2 Responses to “Hide files using Alternate Data Streams”
July 23, 2009 5:39 PM
Nice post RD !
July 23, 2009 6:41 PM
Thanks Bro :)