Would malware be able to hide itself in the controller somehow or otherwise be able to effectively hide files itself from both windows and Linux?
-
Related items: http://security.stackexchange.com/questions/2592/is-disabling-auto-run-enough-to-protect-against-malicious-code-from-removable-me , http://security.stackexchange.com/questions/37927/can-a-connected-usb-device-read-all-data-from-the-usb-bus – Deer Hunter Nov 05 '13 at 08:00
1 Answers
Short answer is no. Both Windows and Linux offers direct ways to hide file from traditional directory listings:
- On Windows, you can add "Hidden file" property to a file,
- On Linux, the file is considered hidden if the name begins with a dot (.). So, would have a file whose name begins with a dot and with 'hiden' attribute set, it would be invisible to both Windows and Linux standard directory listings and default file browser navigation.
Moreover, a malware could also use more advanced tricks, but this would be more OS dependant. For instance on Windows some malware are known to store data in user's files metadata, a functionality offered by Windows allowing to associate a potentially large amount of data to a file: this data avoid to create any new file, is accessible under Windows, and as far as know is not visible under Linux (Linux only show an inconsistency between file space actually used by the file ("du -sh") and remaining free space ("df -h") in case of large data stored this way).
This is just an example, usually malware can be quite inventive to hide themselves...
- 19,142
- 4
- 59
- 107