Hiding a directory through the FAT table
- by hennobal
I've looked into the FAT file system, trying to find a way to make a directory hidden from the view of the user.
This has been done with malware previously, so it should be possible. The SpyEye trojan hid inside a directory C:\cleansweep.exe\ which was only reachable through the command line.
I know deletion is possible by substituting the first character of the directory in the FAT table with 0xE5, but then it will not be accessible.
Any ideas on how the scenario from SpyEye can be recreated? Any filesystem is interesting, but ideally FAT or NTFS.
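
From the defender's side, a raw pass over a FAT directory region shows what a normal listing omits. This is an added example, not part of the original post: it walks the 32-byte short directory entries, where the 0xE5 deletion marker and the attribute byte live, and reports deleted, hidden or system entries. The function names, the sample bytes (constructed) and the "directory with an executable extension" heuristic are assumptions made for illustration.

```python
# Added example: audit a raw FAT directory region for entries a normal listing omits.
ATTR_HIDDEN, ATTR_SYSTEM, ATTR_DIRECTORY, ATTR_LFN = 0x02, 0x04, 0x10, 0x0F
EXEC_EXTS = {"EXE", "COM", "SCR"}  # assumption: heuristic list, adjust as needed

def make_entry(name, ext, attr, deleted=False):
    """Build a constructed 32-byte short (8.3) entry for the sample below."""
    raw = bytearray(name.ljust(8).encode("ascii") + ext.ljust(3).encode("ascii"))
    if deleted:
        raw[0] = 0xE5                      # first name byte marks a deleted entry
    return bytes(raw) + bytes([attr]) + bytes(20)

def audit_directory(region):
    """Return [(name, flags)] for deleted, hidden, system or odd directory entries."""
    findings = []
    for off in range(0, len(region) - 31, 32):
        entry = region[off:off + 32]
        first, attr = entry[0], entry[11]  # attribute byte sits at offset 11
        if first == 0x00:                  # end-of-directory marker
            break
        if (attr & 0x3F) == ATTR_LFN:      # long-file-name slot, not a real entry
            continue
        flags = []
        if first == 0xE5:
            flags.append("deleted")
            entry = b"?" + entry[1:]       # original first character is lost
        base = entry[:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        if attr & ATTR_HIDDEN:
            flags.append("hidden")
        if attr & ATTR_SYSTEM:
            flags.append("system")
        if (attr & ATTR_DIRECTORY) and ext in EXEC_EXTS:
            flags.append("dir-with-exec-ext")
        if flags:
            findings.append((base + ("." + ext if ext else ""), flags))
    return findings

# Constructed sample region, not taken from any real volume.
SAMPLE = b"".join([
    make_entry("README", "TXT", 0x20),
    make_entry("LFNSLOT", "", ATTR_LFN),
    make_entry("CLEANS~1", "EXE", ATTR_DIRECTORY | ATTR_HIDDEN | ATTR_SYSTEM),
    make_entry("OLDDIR", "", ATTR_DIRECTORY, deleted=True),
    bytes(32),                             # end marker: nothing after it is read
    make_entry("AFTER", "", ATTR_DIRECTORY | ATTR_HIDDEN),
])

if __name__ == "__main__":
    for name, flags in audit_directory(SAMPLE):
        print(f"{name:<14} {', '.join(flags)}")
```

Entries placed after the 0x00 end marker are not reported here, because this sketch stops where a conforming driver stops reading.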