1

I have a question about a downloaded "bad" file. I was redirected to a page from a link and, because I used Chrome, it automatically downloaded a .iso file and saved it on the C drive in the downloads folder.

I am confident that the file is malicious and I immediately removed it and also removed it from the bin, on Windows. Is it possible for the .iso file to do something bad without me clicking on it or mounting it? Or am I safe because I deleted it quickly?

Thanks for the help! - and if it is bad, any suggestions on fixes? I simply just reinstall Windows.

Limit
Jhon122
  • If it was saved without opening, I don't see how it can hurt anything. – dandavis Aug 14 '16 at 21:20
  • @dandavis well in theory there could be a zero-day in the browser, the file explorer, or the filesystem so it would run malicious code before you even open the file. In reality though, that's extremely rare. – André Borie Aug 15 '16 at 02:14

4 Answers

2

According to the post on Superuser here, I would say it is safe to say it can't run anything malicious. Pavium's reply is:

> I think it's more accurate to say 'a virus can't execute itself, unless it has the cooperation of the Operating System and/or software bugs and/or the user.'
>
> If the OS allows files to be executed automatically because of their name or location (for example an email attachment) then a virus can masquerade as a legitimate file and be executed by the OS without user intervention. This used to be the default behaviour in early email clients.
>
> Also, if the OS or specific software has errors that a virus can exploit to run its code, then a virus can start itself.
>
> But users are most often the means for a file to be executed. I was surprised recently when a work colleague told me she thought her computer had a virus after she opened an attachment in an email from a complete stranger. I thought she would have known better.

I really liked the fact he mentioned:

> if the OS or specific software has errors that a virus can exploit to run its code, then a virus can start itself.

This statement can't be true enough. Around the time I've worked with exploits, and always keeping an eye on the exploit database, the code that's most powerful is, I believe, taking advantage of a system's own error. So, the summary is, unless your OS has an error it can exploit to run itself, it can run malicious code and do damage it intends to do. Unlikely, though.

Xanmashi
1

Really, I'm surprised the attacker would pick ISO as an attack file. I didn't think users could easily open it by default. Not as easily as many other file types anyway...

> What damage can a malicious .iso file cause without explicitly executing it?

A malicious file in this case would be a program of unwanted actions to take on your computer. If the program is not executed, then it is as safe as a printed product.

> I have a question about a downloaded "bad" file. I was redirected to a page from a link and, because I used Chrome, it automatically downloaded a .iso file and saved it on the C drive in the downloads folder.

Google Chrome has a built-in list of file types that have the potential to be used in drive-by attacks, in other words file types that can be executed automatically.

Viruses do not execute themselves, but certain file types (i.e. .dll) can be placed such that they are executed by another program automatically. ISO is not among those types.

> I am confident that the file is malicious and I immediately removed it and also removed it from the bin, on Windows. Is it possible for the .iso file to do something bad without me clicking on it or mounting it?

No, just keep in mind some hackers use Click-Jacking to get you to automatically open the file once it appears in the download tray. Fortunately, for ISO this is less of an issue, and there is a built-in delay in Chrome to help prevent Click-Jacking.

> Or am I safe because I deleted it quickly?

Well, time doesn't really relate, but for the reasons above, it looks like it could not have done damage.

> Thanks for the help! - and if it is bad, any suggestions on fixes? I simply just reinstall Windows.

If your computer were hacked, the first thing would be to immediately cut internet access to prevent theft of your private files, or installation of additional badware. A full OS re-install is the safest option, as anti-virus does have its limits. There are rare cases where viruses can install themselves into the flashable firmware of various hardware on your computer, but that is uncommon due to the higher development cost on the part of the attacker.

Sounds like the attack was unsuccessful. :-)

700 Software
  • This comment didn't age well, considering the recent wave of malspam campaigns using the ISO/IMG files. – onkkno May 29 '21 at 07:53
0

Some exploits are against a program that would process the data - classically there was an exploit that used a malformed jpg to exploit a known flaw in a jpg library.

Another possibility is that there's a second part of the evil plan, that you're not aware of, which will execute the malicious program. You clicking is a common way, but not the only way, to get malware to execute.

ddyer
  • Thanks for the response, if there was a problem would you say that a Windows reinstall would fix everything as in malicious programs? - a final fix all solution? – Jhon122 Aug 14 '16 at 23:11
  • A Windows reinstall wouldn't affect BIOS viruses or viruses that infect peripherals (like a too-smart USB keyboard). The ultimate "nuke it from orbit" solution is to recycle the computer and get a new one. – Andrew Aug 15 '16 at 17:59
0

A malicious file may run some code when it is processed, for example if there is a security vulnerability in the software you use to read the ISO file. However, since you wrote that you did not open or mount the file, it is unlikely that any malicious code has been run.

> if there was a problem would you say that a windows reinstall would fix everything?

Malicious software typically is installed on your hard drive, but there are other possibilities. It is possible that doing a clean install will not remove the malicious software.

Sjoerd
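The answers above agree that an unmounted .iso is inert data, and the 2021 comment notes that ISO/IMG files later became common in malspam. As an added example (not from any answer on this page), the sketch below lists what a disk image contains by reading its ISO 9660 directory records directly, so nothing is mounted or executed. It assumes plain ISO 9660 names only (no Joliet or UDF); the function names, the `RISKY` extension list and the sample image are constructed for illustration.

```python
import struct

SECTOR = 2048
# Assumption: extensions worth a second look; adjust to local policy.
RISKY = (".exe", ".scr", ".dll", ".lnk", ".js", ".vbs", ".bat", ".hta")

def walk(img, lba, size, prefix="", seen=None):
    """Yield every file path under one ISO 9660 directory extent."""
    seen = set() if seen is None else seen
    if lba in seen:                           # loop guard for hostile images
        return
    seen.add(lba)
    pos, end = lba * SECTOR, min(lba * SECTOR + size, len(img))
    while pos + 33 < end:
        rec_len = img[pos]
        if rec_len == 0:                      # zero padding up to the next sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        if rec_len < 34:                      # malformed record: stop parsing
            return
        child_lba, child_size = struct.unpack_from("<I4xI", img, pos + 2)
        name = img[pos + 33:pos + 33 + img[pos + 32]].decode("ascii", "replace")
        path = prefix + "/" + name.split(";")[0]
        if name not in ("\x00", "\x01") and img[pos + 25] & 2:   # subdirectory
            yield from walk(img, child_lba, child_size, path, seen)
        elif name not in ("\x00", "\x01"):    # regular file ("." and ".." skipped)
            yield path
        pos += rec_len

def list_iso(img):
    """Return (all file paths, risky file paths) for an image held in memory."""
    pvd = 16 * SECTOR                         # first volume descriptor
    if img[pvd:pvd + 6] != b"\x01CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    paths = sorted(walk(img, *struct.unpack_from("<I4xI", img, pvd + 158)))
    return paths, [p for p in paths if p.lower().endswith(RISKY)]

def dir_record(name, lba, size, flags=0):     # one directory record, sample data only
    both = lambda n: n.to_bytes(4, "little") + n.to_bytes(4, "big")
    body = (b"\0" + both(lba) + both(size) + bytes(7) + bytes([flags]) + bytes(6)
            + bytes([len(name)]) + name + b"\0" * (1 - len(name) % 2))
    return bytes([len(body) + 1]) + body

def sample_iso():                             # constructed image: root dir, two files
    root = dir_record(b"\0", 17, SECTOR, 2)
    pvd = (b"\x01CD001\x01" + bytes(149) + root).ljust(SECTOR, b"\0")
    listing = (root + dir_record(b"\x01", 17, SECTOR, 2) + dir_record(b"NOTES.TXT;1", 18, 5)
               + dir_record(b"INVOICE.PDF.LNK;1", 19, 5))
    return bytes(16 * SECTOR) + pvd + listing.ljust(SECTOR, b"\0") + bytes(2 * SECTOR)
```

For a file on disk, pass its bytes (for example `open(path, "rb").read()`) to `list_iso`; the second list it returns holds the entries whose extensions match `RISKY`.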