Hiding a directory through the FAT table

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by hennobal on Super User See other posts from Super User or by hennobal
Published on 2012-10-13T13:04:11Z Indexed on 2012/10/13 15:43 UTC
Read the original article Hit count: 222

Filed under:
|
|

I've looked into the FAT file system, trying to find a way to make a directory hidden from view of the user.

This has been done with malware previously, so it should be possible. The SpyEye trojan hid inside a directory C:\cleansweep.exe\ which was only reachable through the command line.

I know deletion is possible by substituting the first character of the directory in the FAT table with 0xE5, but then it will not be accessible. Any ideas on how the scenario from SpyEye can be recreated? Any filesystem is interesting, but ideally FAT or NTFS.

© Super User or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about filesystems

Related posts about malware

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle