Hide files using Alternate Data Streams

Windows has its share of features that a creative attacker can turn against it. When Microsoft introduced NTFS it brought better compression and file-storage handling, but a relatively little-known compatibility feature of NTFS, Alternate Data Streams (ADS, originally added so NTFS could store the resource forks of Macintosh HFS files), gives an intruder a way to stash rootkits or hacker tools on a breached system and run them without the computer's user noticing.

However dangerous it sounds, creating an ADS is remarkably easy and requires almost no skill on the attacker's part. An NTFS file is not a single blob of data: besides its unnamed default stream (the content every program normally sees) it can carry any number of named streams under the same file entry, and an ordinary cmd.exe command such as "type" is enough to create one. The command is combined with a redirect [>] and a colon [:] to write one file into a named stream of another.

For instance:  the command

type c:\anyfile.exe > c:\winnt\system32\cmd.exe:anyfile.exe

attaches an ADS named "anyfile.exe" to the common Windows command interpreter, cmd.exe (c:\winnt is the Windows NT/2000 system directory; on later versions it is c:\windows). The size and contents of cmd.exe as shown by Explorer or a plain "dir" do not change, because they describe only the default stream.

One can hide files this way and they will not appear in Explorer, in a plain "dir" listing or in the host file's reported size. They are not impossible to detect, though: on Windows Vista and later "dir /R" lists every stream of every file, PowerShell's Get-Item -Stream * does the same, and the Sysinternals Streams tool both reports and deletes them.
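The whole cycle, written out as an added PowerShell example that is not part of the original post: it creates a hidden stream the way the "type ... > host:name" redirect does, shows that the host file looks unchanged, and then runs the checks a defender would use to find and remove it. The directory under $env:TEMP and the file and stream names are assumptions for the demo; any file on an NTFS volume behaves the same.

```powershell
# Added example (not from the original post). Assumed demo paths below.
$dir      = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$hostFile = Join-Path $dir 'innocent.txt'

# Primary (unnamed) stream: what Explorer, Notepad and a plain 'dir' show.
Set-Content -Path $hostFile -Value 'nothing to see here'

# Hidden named stream: the equivalent of  type payload > innocent.txt:payload.exe
# Binary payloads work the same way with -Encoding Byte (Windows PowerShell 5.1)
# or -AsByteStream (PowerShell 7+).
Set-Content -Path $hostFile -Stream 'payload.exe' -Value 'MZ fake payload bytes'

# Length and a normal listing still describe only the primary stream.
(Get-Item -Path $hostFile).Length
Get-ChildItem -Path $dir

# Check 1: enumerate every stream on the file. ':$DATA' is the primary stream;
# anything else is an ADS.
Get-Item -Path $hostFile -Stream *

# Check 2: hunt a whole tree for files carrying streams beyond ':$DATA'.
Get-ChildItem -Path $dir -Recurse -File |
    ForEach-Object {
        Get-Item -Path $_.FullName -Stream * |
            Where-Object { $_.Stream -ne ':$DATA' }
    } |
    Select-Object FileName, Stream, Length

# Check 3: read the hidden content back, then strip the stream without
# touching the primary data.
Get-Content -Path $hostFile -Stream 'payload.exe'
Remove-Item -Path $hostFile -Stream 'payload.exe'
Get-Item -Path $hostFile -Stream *    # only :$DATA remains
```

When running the hunt in Check 2 across real user directories, expect a legitimate stream named Zone.Identifier on anything downloaded from the Internet (the "mark of the web" that triggers the unblock prompt); filter it out rather than treating every ADS as malicious. The same enumeration from cmd.exe is "dir /R" on Windows Vista and later.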


