Re: How to hide a file ?
From: J. J. Horner (jhorner@2jnetworks.com)Date: 01/09/02
- Previous message: Matthew LaGrange: "RE: How to hide a file ?"
- In reply to: H C: "Re: How to hide a file ?"
- Next in thread: H C: "Re: How to hide a file ?"
- Next in thread: Altheide, Cory: "RE: How to hide a file ?"
- Reply: H C: "Re: How to hide a file ?"
- Reply: Jon Zobrist: "Re: How to hide a file ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 9 Jan 2002 11:34:00 -0500 From: "J. J. Horner" <jhorner@2jnetworks.com> To: H C <keydet89@yahoo.com>
* H C (keydet89@yahoo.com) [020109 10:52]:
>
> Create a shortcut on the desktop. Right-click, choose
> 'New', then 'Shortcut'. Click browse, and navigate to
> either Explorer.exe or myfile2.txt, in the C:\ads
> directory...I went w/ myfile2.txt. Note the icon.
> Now, after you've created the shortcut, right-click on
> it and open the properties. Go to Target, and add the
> ADS...":sol.exe". Wait a few seconds...and note the
> change to the icon on the desktop...
>
> Fun stuff, eh?!
>
>
Very interesting.
I know this may not be what we are really about, being
more on the good side of the law than bad, but what are the
potential uses for this?
For instance, if we attach an alternate data stream that
exploits an outlook vulnerability to a valid email, and
find a way to run it, we have a very potent email. If
we attach an ads to an html file with the ability to
exploit holes in IE, we have a strange, and pretty
obscure way to hide exploits on websites.
I've seen discussions on how adses can be used to hide a
large amount of data, making it unable to be viewed using
the normal utilities while performing a DOS on the server by
taking up all available space.
I've seen discussions on how virus writers could use an ads
to send a virus to a machine and make it hidden from Antivirus
programs, then just execute it later. If autoprotect is
enabled, preventing a lot of the malicious activities, this
could have limited affects.
The barriers that I have seen:
* Running an ads is not as easy as typing the pseudo-name.
* An ads requires that the :realname.ext section be part
of the filename. This makes them hard to hide and hard
to transport with normal means: web, email, napster, etc.
Attaching an ads to a file associated with the vulnerable
application may help at some point. Unless we become
able to effectively call the ads-infected file without
raising alarms and without undue stealth, we may be lost.
Perhaps I am missing something, but the extent of the uses
of this, to date, appear just to be file-hiding. If
adses can be implemented in a way to attack associated applications,
we may have a serious issue here.
Ideas and comments appreciated.
Thanks,
JJ
-- J. J. Horner "H*","6a686f726e657240326a6e6574776f726b732e636f6d" *************************************************** "H*","6a6a686f726e65724062656c6c736f7574682e6e6574"Freedom is an all-or-nothing proposition: either we are completely free, or we are subjects of a tyrannical system. If we lose one freedom in a thousand, we become completely subjugated.
- application/pgp-signature attachment: stored
- Previous message: Matthew LaGrange: "RE: How to hide a file ?"
- In reply to: H C: "Re: How to hide a file ?"
- Next in thread: H C: "Re: How to hide a file ?"
- Next in thread: Altheide, Cory: "RE: How to hide a file ?"
- Reply: H C: "Re: How to hide a file ?"
- Reply: Jon Zobrist: "Re: How to hide a file ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
