0
I have received a mail from a company .com.jo pretending it was a DHL notice.
It was clearly not as the pdf file had in fact an .iso extension.
As far as I know, such files are system images, so that launching it can practically replace your system.
I wonder, however, what would happen if I double click on it. Would it automatically start? Is it a new type of threat? So far, I haven't found information about such files.
Marc Vanhoomissen
Posted 2019-03-04T15:04:05.143
Reputation: 113
2
An ISO file is a whole disk image, but it is not necessarily self-executing. It is treated by the OS and software as an archive, much like ZIP or TAR files.
It is possible that this file is a Zip (well, ISO) bomb, relying on flaws in an archiver such as Windows built-in ISO viewer or 7-Zip to crash the system.
It is also possible that the file contains password-protected malware -- by using a password, the file cannot be evaluated by antimalware tools.
Since it arrived in an obvious phishing attack, handle with care, of course.
DrMoishe Pippik
Posted 2019-03-04T15:04:05.143
Reputation: 13 291
Actually, it is never self-executing. Autorun was disabled years ago, for good reasons. You’d have to confirm explicitly that you want to launch an autorun application, if present. – Daniel B – 2019-03-04T15:31:45.827
In my case, I haven't seen any password in the message but it has not been detected as an infected message by my Bitdefender software. – Marc Vanhoomissen – 2019-03-04T16:33:21.317
0
"if I double click on it. Would it automatically start?"
It could, never double click unknown files.
Open it with a compression utility like 7-Zip, this will show the contents of the iso without any danger. You can even extract portions of the iso (if it is actually an iso) if you wish.
Moab
Posted 2019-03-04T15:04:05.143
Reputation: 54 203
Most archive programs can extract an ISO, the dangers of extracting a malicious archive file are well known. Don't attempt to open the archive. Just delete the email. – Ramhound – 2019-03-04T19:04:45.327