RE: [MLUG] Alternative Data Streams

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: MLUG Members <EMAIL:PROTECTED>
Subject: RE: [MLUG] Alternative Data Streams
From: Mike Miller <EMAIL:PROTECTED>
Date: Mon, 11 Sep 2006 10:42:29 -0500 (CDT)
Delivery-date: Mon, 11 Sep 2006 10:42:55 -0500
Envelope-to: EMAIL:PROTECTED
In-reply-to: <EMAIL:PROTECTED>
References: <EMAIL:PROTECTED>
Reply-to: MLUG Members <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED

On Mon, 11 Sep 2006, Harris, Michael C. wrote:

I realize this isn't a Windows list but this has been around for a long time (better than 10 years) a good detailed explanation and demonstration can be found at http://www.securityfocus.com/infocus/1822

This has been a common method used in malware, root kits, droppers etc for many years. Often files are hidden within alt data streams in trash can and temp file spaces in particular.

Make a file hidden and system in trash can directors and the system won't clean it up and it will be largely invisible. The alt stream directory content can hide there for a long time.

I guess this explains why people often can't figure out what's wrong with their PC and they end up reformatting and reinstalling the OS. I guess some of the better malware detectors know what to do.

Mike

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

Follow-Ups:
- RE: [MLUG] Alternative Data Streams
  - From: "McKibben, James" <EMAIL:PROTECTED>

References:
- RE: [MLUG] Alternative Data Streams
  - From: "Harris, Michael C." <EMAIL:PROTECTED>

Prev by Date: RE: [MLUG] Alternative Data Streams
Next by Date: [MLUG] OpenOffice won't run in Gentoo after update
Previous by thread: RE: [MLUG] Alternative Data Streams
Next by thread: RE: [MLUG] Alternative Data Streams
Index(es):
- Date
- Thread