Thursday, June 4, 2009

Article on renaming files to hide them

I ran across an article in a popular Thai magazine named "Computer Today" (http://www.ctmthailand.com) that I found interesting. I don't read Thai, but I was browsing through it looking at the pictures and saw a picture of a file called "my secret.txt" and then it was renamed to "my.sys", so it caught my attention and I was curious what they were teaching.





I had the article translated and it is basically an article on how to hide data by renaming a file that you want to keep from prying eyes to something like "my.sys" and placing it in an obscure folder like the Windows folder.

Nothing earth-shattering here about this technique, but I found it very interesting to find an article like this in a mainstream published magazine, and it just reinforces why we go through the trouble of file signature analysis, hash analysis, keyword searching & metadata analysis.
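Added example, not part of the original post: a minimal file signature check that flags files whose extension and leading bytes disagree, which is how a text file renamed to "my.sys" stands out. The extension list, the 4 KiB read size, and the sample files other than "my.sys" are assumptions made for illustration.

```python
from pathlib import Path
import struct
import tempfile

PE_EXTENSIONS = {".sys", ".dll", ".exe"}  # extensions that should contain a PE image

def looks_like_pe(head: bytes) -> bool:
    """True if head starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    return head[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def classify(name: str, head: bytes) -> str:
    """Compare what the extension claims with what the leading bytes show."""
    claims_pe = Path(name).suffix.lower() in PE_EXTENSIONS
    is_pe = looks_like_pe(head)
    if claims_pe and not is_pe:
        return "extension claims PE, content is not"
    if is_pe and not claims_pe:
        return "PE content under a non-PE extension"
    return "consistent"

def scan(root: str) -> list:
    """Walk root and return (file name, finding) for every mismatch."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                head = fh.read(4096)  # assumption: PE header lies within the first 4 KiB
            verdict = classify(path.name, head)
            if verdict != "consistent":
                findings.append((path.name, verdict))
    return findings

def demo() -> list:
    # All sample files below are constructed for this example.
    pe_stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    samples = {
        "my.sys": b"contents of my secret.txt\r\n",  # renamed text file, as in the article
        "real.sys": pe_stub,                          # minimal PE header, should pass
        "holiday.jpg": pe_stub,                       # hypothetical: PE named as an image
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

The check only covers PE signatures; forensic tools apply the same comparison across a full table of known file headers.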

1 comments:

H. Carvey Thursday, 04 June, 2009  

Lance...great point! Very often, malware is "hidden" in the system32 directory, as a DLL (Conficker/Downadup), or simply *not* named "mymalware.exe".
