Vulnerability Development mailing list archives
Re: How to hide a file ?
From: "J. J. Horner" <jhorner () 2jnetworks com>
Date: Wed, 9 Jan 2002 11:34:00 -0500
* H C (keydet89 () yahoo com) [020109 10:52]:
Create a shortcut on the desktop. Right-click, choose 'New', then 'Shortcut'. Click browse, and navigate to either Explorer.exe or myfile2.txt, in the C:\ads directory...I went w/ myfile2.txt. Note the icon. Now, after you've created the shortcut, right-click on it and open the properties. Go to Target, and add the ADS...":sol.exe". Wait a few seconds...and note the change to the icon on the desktop... Fun stuff, eh?!
Very interesting. I know this may not be what we are really about, being more on the good side of the law than bad, but what are the potential uses for this?

For instance, if we attach an alternate data stream that exploits an Outlook vulnerability to a valid email, and find a way to run it, we have a very potent email. If we attach an ADS to an HTML file with the ability to exploit holes in IE, we have a strange, and pretty obscure way to hide exploits on websites.

I've seen discussions on how ADSes can be used to hide a large amount of data, making it unable to be viewed using the normal utilities while performing a DoS on the server by taking up all available space.

I've seen discussions on how virus writers could use an ADS to send a virus to a machine and make it hidden from Antivirus programs, then just execute it later. If autoprotect is enabled, preventing a lot of the malicious activities, this could have limited effects.

The barriers that I have seen:

* Running an ADS is not as easy as typing the pseudo-name.
* An ADS requires that the :realname.ext section be part of the filename. This makes them hard to hide and hard to transport with normal means: web, email, Napster, etc.

Attaching an ADS to a file associated with the vulnerable application may help at some point. Unless we become able to effectively call the ADS-infected file without raising alarms and without undue stealth, we may be lost.

Perhaps I am missing something, but the extent of the uses of this, to date, appears just to be file-hiding. If ADSes can be implemented in a way to attack associated applications, we may have a serious issue here.

Ideas and comments appreciated.

Thanks,
JJ

--
J. J. Horner
"H*","6a686f726e657240326a6e6574776f726b732e636f6d"
***************************************************
"H*","6a6a686f726e65724062656c6c736f7574682e6e6574"
Freedom is an all-or-nothing proposition: either we are completely free, or we are subjects of a tyrannical system. If we lose one freedom in a thousand, we become completely subjugated.