NTFS Streams: Rootkit In-the-Wild?
there is a discussion over at sysinternals about a rootkit found itw. apparently, it uses ntfs streams to hide.
this vulnerability gets “discovered” about once every 2 years, and now we can see what appears to be the first use of it (that we know of). we first reported it in 1998:
ido discussed the ntfs streams issue a few days ago:
you can read more about it here: