Someone1234 5 hours ago
I understand your point, but I'm struggling to see how this could be weaponized. Keep in mind that these DOS-compatible drive letters need to map to a real NT path endpoint (e.g. a drive/volume), so it isn't clear how the malware could both have a difficult-to-scan DOS tree while also not exposing that same area elsewhere for trivial scanning.
rwmj 4 hours ago
I'm betting there's some badly written AV software out there which will crash on non-standard drive letters, allowing at least a bit of mayhem.
avidiax an hour ago
Not sure if it is natively supported, but the malware can just decrypt a disk image to RAM and create a RAM disk mounted to +. Or it can maybe have a user space driver for a loop device, so the sectors of the drive are only decrypted on the fly. It would likely break a lot of analysis tools and just generally make things very difficult.
buzer 3 hours ago
The recovery partition might work if it exists.