Good post sOnIc!

P.S. Change the link to "http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=exploit&id=3989".

Another way of hiding files would be in "streams". It ain't as easy to exploit as the example above though.


Source: www.securityfocus.com

Several Windows file-wiping utilities fail to completely wipe some files on WinNT, Win2000 or WinXP that use NTFS file systems. Standard programs, like Word or Excel, do not use the secondary data streams - where file remnants might be left even after data has been securely deleted.

In any case, wiping a disk entirely will destroy such data, but information contained within the alternate data stream which is attached to a file (such as the thumbnail of an image) or directory remains intact on the hard drive when the file or directory is wiped.

It's unlikely that users store sensitive information using alternate data streams (which must be "explicitly created", as the advisory points out). However, alternate data streams can provide a location where attack tools, snippets of virus code or the like can reside; and few virus scanners look there for malicious code, unless specifically configured to do so.

This is less bad than it may seem at first because viruses would have to go out of "stealth mode" to cause any harm.

Users can work around the problem of data inadvertently stored in alternate data streams by using the "wipe free space" feature present in most secure file deletion utilities, but this is time-consuming. Encrypting disc partitions also creates an effective barrier for the recovery of data, though this is not bulletproof.

Other sources of information:

www.theregister.co.uk
www.securityfocus.com
www.microsoft.com/technet/
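
Added example, not part of the original post or the quoted article: a PowerShell audit that lists every alternate data stream under a directory, so that leftover or unexpected streams can be reviewed before and after wiping. The function name `Find-AlternateDataStream` and the scratch folder are made up for illustration. It assumes PowerShell 3.0 or later on an NTFS volume; streams attached to directories are only listed from PowerShell 7.2 on.

```powershell
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the ordinary "downloaded from the Internet" marker;
        # it is hidden from the report unless this switch is given.
        [switch] $IncludeZoneIdentifier
    )

    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            # -Stream * returns every stream; ':$DATA' is the normal file content.
            Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Where-Object { $IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $item.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
}

# Constructed demo in a scratch folder (sample data, not from the article).
$demo = Join-Path $env:TEMP 'ads-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'report.txt'
Set-Content -LiteralPath $file -Value 'visible content'
Set-Content -LiteralPath $file -Stream 'notes' -Value 'stored in a named stream'

# The named stream is reported even though Explorer and dir show only report.txt.
Find-AlternateDataStream -Path $demo | Format-Table -AutoSize

# Delete only the named stream, confirm the audit comes back empty, clean up.
Remove-Item -LiteralPath $file -Stream 'notes'
Find-AlternateDataStream -Path $demo
Remove-Item -LiteralPath $demo -Recurse -Force
```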