Zip Bomb

A zip bomb, also called a decompression bomb or zip of death, is a malicious archive file designed to crash or render useless the program or system reading it.
Consider a very simple compression algorithm that counts consecutive runs of 1s and 0s and replaces each run with its length followed by the bit.
For example: 111100111 is compressed to 412031 (four ones, two zeros and three ones).
You can try this on your own computer: fill a text file with a massive number of a single character (a file full of ‘0’s). The file size will be in gigabytes, but when compressed it becomes only a few kilobytes.

Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.
This results in the antivirus crashing, which allows the attacker to slip in any malware.
A famous zip bomb is the 42.zip archive.
It is an archive 42 kilobytes in size that contains 16 zipped files, each of which contains 16 zipped files, each of which contains 16 zipped files, each of which contains 16 zipped files, each of which contains 16 zipped files, each of which contains 1 file with a size of 4.3GB.
So, if you extract all files, you will end up with 4.5 petabytes of data. This will for sure fill up all of your system's space.
Download the 42.zip archive from here: https://www.unforgettable.dk/
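
How a scanner can unpack archives without being taken down by one, as an added example (not code from the original post): it walks a ZIP in memory under three limits, so both the high-ratio bottom layer and the deep nesting described above are refused early. The limit values, the function names and the sample inputs are assumptions made for illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 50 * 1024 * 1024  # assumed cap on unpacked data, all layers
MAX_RATIO = 200                     # assumed cap on declared/compressed size
MAX_DEPTH = 3                       # assumed cap on archives inside archives

class ArchiveRejected(Exception):
    """Raised as soon as an archive exceeds one of the limits."""

def inspect_zip(data, depth=0, budget=None):
    """Unpack a ZIP in memory under the limits; return total bytes unpacked."""
    if budget is None:
        budget = {"left": MAX_TOTAL_BYTES}  # shared by all nested layers
    if depth > MAX_DEPTH:
        raise ArchiveRejected("nesting too deep")
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap first check on the sizes the archive itself declares.
            if info.file_size > max(info.compress_size, 1) * MAX_RATIO:
                raise ArchiveRejected(f"{info.filename}: ratio too high")
            buf = bytearray()
            with zf.open(info) as fh:
                while chunk := fh.read(64 * 1024):  # bounded reads
                    budget["left"] -= len(chunk)
                    if budget["left"] < 0:
                        raise ArchiveRejected("unpacked size budget exceeded")
                    buf += chunk
            total += len(buf)
            if zipfile.is_zipfile(io.BytesIO(buf)):  # entry is itself a ZIP
                total += inspect_zip(bytes(buf), depth + 1, budget)
    return total

def make_zip(entries):
    """Build a small ZIP in memory from {name: bytes} (constructed samples)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return out.getvalue()

if __name__ == "__main__":
    for sample in (bytes(range(256)) * 4, b"0" * 1_000_000):  # constructed
        try:
            print("ok", inspect_zip(make_zip({"sample.bin": sample})))
        except ArchiveRejected as exc:
            print("rejected:", exc)
```

The budget is shared across all layers, so many small entries cannot add up past the cap even when each one passes the ratio check on its own.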