<https://www.zdnet.com/article/this-phishing-campaign-uses-an-odd-tactic-to-infect-windows-pcs-with-two-forms-of-trojan-malware/> The attackers are spreading malware as executables in small ISO disk images. I'm adding iso to $bad_exts in filter_bad_filename.