My PC is infected. If I download and burn linuxmint.iso on the infected PC, will the CD become infected also?

    Boot on a live CD obtained from a trusted source -- then download and burn your ISO. Commented Sep 20, 2014 at 20:44
  • I bet money the NSA has developed these capabilities, heaven help you if they are in your threat model...
It is almost certainly technically possible that malware could intercept and modify an ISO being downloaded, and also give a false report to any tools designed to verify hashes of the downloaded file.

But I would rate this threat as extremely improbable.

  • The malware would have to recognize an ISO is being downloaded and that it was bootable. It would then probably need to modify the bootloader on the ISO image to include a copy of the malware that will run before any OS is functional. To evade detection it would also need to keep track of the blocks that were in a valid file, and then lie to any hash checking tools that examined the file, or CD-ROM.

This simply isn't something common malware would be designed to do.

So, if you happen to be trying to build weapons of mass destruction, you might need to worry about this type of threat. If you are a typical home user, this is just not something that would ever be part of common malware.

    @3456 If you don't happen to be a billionaire or other person of interest who is specifically targeted by custom malware the chances of anything like this happening is non existent.
    Thinking about it from a use-case and turnaround aspect, if I were writing malware, only a fraction of a fraction of a percent of infections, if any, would actually run through this scenario. I think you're just fine. Commented Sep 20, 2014 at 0:32
    This answer contains personal speculation, with no evidence. Me, I wouldn't rate it as improbable or far-fetched at all. Remember those floppy viruses back in the day? That's exactly what they did, except with floppies instead of CDs. Bottom line: if your machine is infected with malware, you can't know what it might do, but I can tell you one thing: you have no basis for trust in the contents of that CD. Trusting that CD is bad practice, and if you are doing anything security-critical, it's a really bad idea.
    @D.W. It's impossible to prove that such malware doesn't exist (lack of known implementations isn't a proof), but knowledgeable persons may be able to assure you that existence of such malware is highly improbable. I believe that 10k rep users who participated in beta of this site are rather credible and they don't post until they are sure they are right. Until a counterexample is found, I believe this answer can be trusted. Comparing CDs to floppies is incorrect, CDs are read-only and burning is completely unlike just copying files.
Woah. Using an infected machine for this is dangerous and not likely to be a good idea. What you are considering doing is poor security hygiene. If you are using the CD for anything security-critical, you definitely should not do this.

"Will the CD become infected?" is not a question that can be answered. You can't know what the malware might do.

Could the CD become infected? Yes, absolutely. It would be totally feasible for malware to automatically infect all bootable images written to a CD. In fact, remember those floppy boot viruses, that used to spread from PC to PC via floppy discs, way back in the 90's? Well, that's exactly how they worked. So we're not talking about something crazy far-fetched or rocket science here; there's plenty of precedent for something like this happening.

Is it likely to happen to you? That's something we can't answer, in the absence of detailed knowledge about things like: (a) who you are, (b) who your enemies might be, (c) who might have an incentive to try to attack you, (d) what widely deployed malware kits do, etc. Odds are that even you don't know the answer to all of those, and certainly you haven't provided that information in the question. So there is very little basis for making a prediction about how likely it is to happen to you.

Is burning a CD from an infected PC good practice? No way. Absolutely not. This is definitely bad practice. If your PC is infected, you absolutely cannot trust anything burned on it. You can't trust an infected PC. It might do any old thing.

No, your CD should be fine if you download Linux mint and burn it. The ISO image would very unlikely be targeted by your infected PC (Never heard of this happening on a fresh ISO), assuming your PC is in good enough shape to accomplish this task. Then you can boot from that CD, reformat the drive, and install Linux Mint and it'll be like new.

But if you're not confident about the virus or if you think that the image got compromised, you can check the MD5 checksum, generally the Linux distros shows in their webpages this info, so you can compare this info with your own ISO copy.

Or better yet, if this is an option at all just grab a flash drive or CD and grab the link via a friend's computer quick, then reformat and install. This would eliminate any of these rare issues mentioned.

You also didn't mention what your infected computer's "symptoms" are, which could be really helpful. If you do install and still have these "symptoms", the more likely reason than an infected ISO would be a virus at the BIOS level or even in your modem or router. And yes, I have had an infected computer once that I reset only to find out it was the modem. Let us know what you find out, and best of luck.

    What information is missing exactly>?
    you can mark it as 'read-only' - Malware, particular rootkits have no requirement to respect filesystem ACLs or attributes. Making an ISO read-only on a filesystem would be pointless. you can check the MD5 checksum - It has been shown to be possible to modify files and still get an identical MD5 sum. MD5 is a broken protocol and should not be relied on for this reason. Plus if the malware was a rootkit, it could simply lie to the OS when it was retrieving the file data to calculate the sum.
    An honest kudos to how well you all can brainstorm something so unlikely and unthought of. That's why this is such a great place to bring questions. I know it sounds it but I honestly don't mean sarcasm. There's some excellent problem solvers here, and it's great for spreading knowledge. The only problem in this case is this user is probably now scared out of there mind =) So really @3456, although all this is real and possible, your probably more likely to be eaten by a shark =)
    This answer is full of wishful thinking. There's no basis for claiming "you should be fine". Malware could totally bypass this defense, either by tampering with the file before you marked it as read-only, or by tampering with what is written to the CD, or in any number of other ways. To readers: if you're doing anything security-critical, don't rely on this answer. It's bad practice.
As far as I know there are no viruses that infect or damage iso images. But theoretically there can be virus that can damage iso file and thus burned CD.

BUT can you burn CD and make some steps to make sure with big probability that it is not infected or damaged!

  1. Most Linux distros will have md5 and SHA-1 and other checksums in the download page. Write somewhere the checksum of your downloaded iso.
  2. Burn the CD with verification option on! (many cd burner software have verification option, for example CDBurnerXP). If verification is successful then the burned CD is same as iso.
  3. Now check your downloaded iso checksum (lots of free tools to check file checksum, just use google) and compare it to one that was at iso download page. If two checksums match then your burned CD with big probability is not damaged or infected.

These steps with help you with big probability but there still remains theoretical chance that CD can be damaged or infected, but it is very low. Virus must be very technologically advanced to bypass all checks in my steps.

Dont try to make iso from CD you have burned and compare it to your downloaded iso. They will be different anyway!

