
Can malware escape from an un-mounted ISO image file?

(@napalmheroes)
Posts: 1
New Member
Topic starter
 

I do some malware analysis as a hobby and was wondering about a good way to store samples securely. I've heard of some other people using ISO images. Is it possible (or likely) that malware executables could escape out of an ISO image file without being opened/mounted?

The reason I want to know is, if I pack a particular sample into an ISO file and transport it off a system, would the malware be able to infect another system if that ISO were on it (without opening/mounting the ISO)? If so, is there a better way of storing the malware securely with little-to-no risk of infection, other than having a removable disk that is only used for storing the samples?

 
Posted : 22/04/2016 2:11 am
Passmark
(@passmark)
Posts: 376
Reputable Member
 

If you don't run a malware executable, then it can't 'escape'.

The container format doesn't matter, except from the point of view of someone accidentally opening the container and running something.

There are lots of good options to prevent an accident, e.g. a TrueCrypt container, encrypted Zip files, etc.

 
Posted : 22/04/2016 5:31 am
(@athulin)
Posts: 1156
Noble Member
 

> The reason I want to know is, if I pack a particular sample into an ISO file and transport it off a system, would the malware be able to infect another system if that ISO were on it (without opening/mounting the ISO)?

Define 'without opening/mounting'.

If you never put the ISO in a CD/DVD reader ever … no, it won't.

However, if you do, it's more than likely to be automounted, and probably scanned by some antivirus software. And if there are vulnerabilities in that AV, that are addressed by the malware … you've been hit.

> If so, is there a better way of storing the malware securely with little-to-no risk of infection?

One way might be to separate malware depending on platform, and never examine malware for platform X on that same platform. That is, never examine Windows malware using a Windows computer.

But you really need to be able to do that kind of analysis yourself.

 
Posted : 22/04/2016 10:14 pm
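
Added example, not part of the thread or any poster's code: the "container to prevent an accident" idea from the replies, in standard-library Python, so that a stored sample can be neither run by a stray double-click nor recognised byte-for-byte by software that reads the file. A PBKDF2-keyed SHAKE-256 keystream with an HMAC stands in here for the encrypted Zip or TrueCrypt container named above (an assumption of this example; use a vetted tool where confidentiality matters), and `pack`, `unpack`, `store` and the `SAMPLEBOX1` tag are hypothetical names.

```python
import hashlib, hmac, os

MAGIC = b"SAMPLEBOX1"   # constructed tag for this example, not a real format

def _keys(passphrase, salt):
    # Stretch the passphrase, then split into a keystream key and a MAC key.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)
    return k[:32], k[32:]

def _xor(data, key, nonce):
    # SHAKE-256 as a keyed XOF supplies len(data) keystream bytes.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def pack(sample, passphrase):
    """Return a blob in which the sample's bytes no longer appear as-is."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(passphrase, salt)
    body = MAGIC + salt + nonce + _xor(sample, enc_key, nonce)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unpack(blob, passphrase):
    """Recover the sample; raise ValueError on wrong passphrase or tampering."""
    head = len(MAGIC)
    if len(blob) < head + 64 or not blob.startswith(MAGIC):
        raise ValueError("not a sample container")
    salt, nonce = blob[head:head + 16], blob[head + 16:head + 32]
    body, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = _keys(passphrase, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong passphrase or modified container")
    return _xor(body[head + 32:], enc_key, nonce)

def store(sample, passphrase, path):
    """Write the container read-only and non-executable; return the sample's SHA-256."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    with os.fdopen(fd, "wb") as f:
        f.write(pack(sample, passphrase))
    return hashlib.sha256(sample).hexdigest()

if __name__ == "__main__":
    # Constructed stand-in bytes with an "MZ" prefix; not a real executable.
    fake = b"MZ" + b"\x90" * 62 + b"constructed stand-in, not malware"
    blob = pack(fake, "example-passphrase")
    print(fake in blob, unpack(blob, "example-passphrase") == fake)
```

Keeping the returned SHA-256 in a separate index lets a sample be identified later without unpacking it.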