Alternate Data Streams… WARNING

I came across this issue today… thankfully my network environment security uses both eTrust and Tripwire, so this should not be a big problem here, but I think it should be watched for. Basically, this is a way to hide spyware or incriminating (hacker) tools by casting or forking the file into another file. The original size will show the same and even the actual running process is hidden from process explorers; the only thing that changes is the modification date. Also, this only runs on NTFS and moving the file to another file system will corrupt the hidden file.
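Added example, not part of the original post: since the visible file size does not change, a defender has to enumerate the streams themselves, which this PowerShell sketch does for every file under a directory. The function name `Find-AlternateDataStream`, the sample path and the choice to skip `Zone.Identifier` are assumptions made for illustration; it needs Windows PowerShell 3.0 or later for the `-Stream` parameter.

```powershell
# Added example: report files that carry alternate data streams (NTFS only).
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Streams to ignore. Zone.Identifier is the stream Windows attaches to
        # downloaded files; skipping it is an assumption made here to cut noise.
        # Pass -IgnoreStream @() to see every stream.
        [string[]]$IgnoreStream = @('Zone.Identifier')
    )

    # -Force includes hidden and system files, where a stream host may sit.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns one object per stream; ':$DATA' is the
            # unnamed stream, i.e. the normal file content.
            Get-Item -LiteralPath $file.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $IgnoreStream -notcontains $_.Stream } |
                ForEach-Object {
                    [pscustomobject]@{
                        File          = $file.FullName
                        Stream        = $_.Stream
                        StreamBytes   = $_.Length       # size of the hidden stream
                        VisibleBytes  = $file.Length    # size a directory listing reports
                        LastWriteTime = $file.LastWriteTime
                    }
                }
        }
}

# Example run against a hypothetical directory; largest hidden streams first.
Find-AlternateDataStream -Path 'C:\Users\Public' |
    Sort-Object StreamBytes -Descending |
    Format-Table -AutoSize
```

A large `StreamBytes` value next to a small `VisibleBytes` value is the mismatch worth investigating, and `LastWriteTime` is the one attribute the post notes does change.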

