Streams, are a concept that exists in a NTFS file system which represents a property of a file. Within a stream, it is possible to hide information of any size, where the existence of this information is not shown in the file system. The only way to extract that information is to know the stream's name.
Credit:
The information has been provided by Joxean Koret.
It isn't in any way a new technique, the first proof of concept of hidding malware into an NTFS data stream was published at 2000. Apparently the technique wasn't so popular and due to this fact the 75% (or more) of the anti-virus industry have been ignore it.
The technique is as simple as follow. Download a virus file, even an old one. Call it, in example, 'iloveyou.vbs'. Next, go to a command prompt:
C:\>echo I'm an inocent file. > file.txt
C:\>type file.txt
I'm an inocent file.
C:\>dir
Volume in drive C has no label.
Volume Serial Number is 8475-DDEF
C:\>more < file.txt:virus.vbs
rem barok -loveletter(vbe) <i hate go to school>
rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group /
(...)
---More---
Now, try scanning your system with your preferred vulnerable antivirus product. The first file in a normal data stream 'iloveyou.vbs' will (surely) be detected but not the copy of it stored in an alternate data stream of the apparently innocent file c:\file.txt.
