Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I understand your point; but I'm struggling to see how this could be weaponized. Keep in mind, that these Dos compatible drive letters need to map to a real NT path endpoint (e.g. a drive/volume); so it isn't clear how the malware could both have a difficult to scan Dos tree while also not exposing that same area elsewhere for trivial scanning.


I'm betting there's some badly written AV software out there which will crash on non-standard drive letters, allowing at least a bit of mayhem.


Not sure if it is natively supported, but the malware can just decrypt a disk image to RAM and create a RAM disk mounted to +. Or it can maybe have a user space driver for a loop device, so the sectors of the drive are only decrypted on the fly.

It would likely break a lot of analysis tools and just generally make things very difficult.


The recovery partition might work if it exists.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: