Hi.
Yet another way of hiding malware and malicious code.
By using hardware service area space it is possible to hide data.
"this paper we will demonstrate how spinning hard-drives’ service areas
can be used to hide data from the operating-system (or any software using the
standard OS’s API or the standard ATA commands to access the hard-drive).
These reserved areas are used by hard-drive vendors to store modules that in
turn operate the drive, and in a sense, together with the ROM, serve as the
hard-drive’s internal storage and OS. By sending Vendor Specific Commands
(VSCs) directly to the hard-drive, one can manipulate these areas to read
and write data that are otherwise inaccessible. This should not be confused
with DCO or HPA which can be easily detected, removed and accessed via
standard ATA commands."
http://www.recover.co.il/SA-cover/SA-cover.pdf
Interesting reading
/M
