Zip bomb
A zip bomb, also known as a Zip of Death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, so that a more traditional virus sent afterwards could get through undetected.
Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.
A zip bomb is usually a small file (up to a few hundred kilobytes) for ease of transport and to avoid suspicion. However, when the file is unpacked its contents are more than the system can handle.
The technique has been used on dialup bulletin board systems at least as long as compressing data archive programs have been around.
Today, most antivirus programs can detect whether a file is a zip bomb and so avoid unpacking it.
One example of a zip bomb was the file "42.zip", which was 42 kilobytes of compressed data, containing five layers of nested zip files in sets of 16, each bottom layer archive containing a 4.3 gigabyte (4 294 967 295 bytes; ~ 3.99 GiB) file for a total of 4.5 petabytes (4 503 599 626 321 920 bytes; ~ 3.99 PiB) of uncompressed data.
This file is still available for download on various websites across the internet.
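One way a scanner or upload handler can refuse archives shaped like 42.zip, as an added example that is not part of the original article: it caps nesting depth, per-member compression ratio and the total number of bytes decompressed across all layers. The limit values and the names `scan_zip`, `ArchiveRejected` and `make_zip` are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed limits; tune to what the scanning host can afford.
MAX_TOTAL_BYTES = 64 * 1024 * 1024  # budget for all data unpacked from one upload
MAX_RATIO = 100                     # uncompressed/compressed ratio per member
MAX_DEPTH = 3                       # archives nested inside archives
CHUNK = 64 * 1024

class ArchiveRejected(Exception):
    """Raised when an archive exceeds one of the limits above."""

def scan_zip(data, depth=0, budget=None):
    """Walk a zip held in memory, recursing into nested zips.

    Returns the number of bytes actually decompressed, or raises ArchiveRejected.
    """
    budget = [MAX_TOTAL_BYTES] if budget is None else budget
    start = budget[0]
    if depth > MAX_DEPTH:
        raise ArchiveRejected("nesting deeper than %d" % MAX_DEPTH)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Sizes in the directory come from the archive itself: use them
            # only to reject early, and enforce the budget on bytes read.
            if info.file_size > budget[0]:
                raise ArchiveRejected("%s: declared size over budget" % info.filename)
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected("%s: compression ratio too high" % info.filename)
            buf = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveRejected("%s: budget exhausted" % info.filename)
                    buf += chunk
            if zipfile.is_zipfile(io.BytesIO(buf)):
                scan_zip(bytes(buf), depth + 1, budget)  # shared budget across layers
    return start - budget[0]

def make_zip(name, payload):
    """Build a constructed sample archive in memory (test data only)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return out.getvalue()
```

Because the budget is shared across recursion levels, many small layers cannot add up to more than `MAX_TOTAL_BYTES`, which is the property the nested layout of 42.zip relies on defeating.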
See also
- Billion laughs, a similar attack on XML parsers
- Busy beaver, a program that produces the maximum possible output before terminating
- E-mail bomb
- Logic bomb