
In computing, a zip bomb, also known as a decompression bomb or zip of death, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, in order to create an opening for more traditional malware. A zip bomb does not hijack the program's operation; the program functions normally, but the archive requires an excessive amount of time, disk space, or memory to unpack. Most modern antivirus programs can detect whether a file is a zip bomb in order to avoid unpacking it.


Details and use

A zip bomb is usually a small file for ease of transport and to avoid suspicion. However, when the file is unpacked, its contents are more than the system can handle. One example of a zip bomb is the file ''42.zip'', which is a zip file consisting of 42 kilobytes of compressed data, containing five layers of nested zip files in sets of 16, each bottom-layer archive containing a 4.3-gigabyte file for a total of (; − ) of uncompressed data. This file is available for download on various websites across the Internet, making it widely accessible. In many anti-virus scanners, only a few layers of recursion are performed on archives to help prevent attacks that would cause a buffer overflow or an out-of-memory condition, or exceed an acceptable amount of program execution time. Zip bombs often rely on repetition of identical files to achieve their extreme compression ratios. Dynamic programming methods can be employed to limit traversal of such files, so that only one file is followed recursively at each level, effectively converting their exponential growth to linear. There are also zip files that, when uncompressed, yield identical copies of themselves. A sophisticated form of zip bomb exploits the specifications of zip files and the Deflate compression algorithm to create bombs without the use of nested layers as used in ''42.zip''.
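
The bounded unpacking described above (only a few layers of recursion, plus a cap on the data produced) can be sketched as follows. This is an added example, not code from the original article or from any particular scanner; the names `scan_zip`, `make_zip`, `nest` and the limit values are assumptions chosen for illustration.

```python
import io
import zipfile

class ArchiveLimitExceeded(Exception):
    """Raised when an archive exceeds the scanner's depth or size limits."""

def scan_zip(data, max_depth=3, max_bytes=64 * 2**20, _depth=0, _used=None):
    """Walk a ZIP (and nested ZIPs) under one shared byte budget.

    Returns the total uncompressed bytes seen; raises ArchiveLimitExceeded
    as soon as a limit is crossed, without finishing the unpack.
    """
    used = _used if _used is not None else [0]
    if _depth > max_depth:
        raise ArchiveLimitExceeded(f"nesting deeper than {max_depth} layers")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            buf = io.BytesIO()
            with zf.open(info) as member:
                # Count bytes actually produced; sizes in headers can be forged.
                while chunk := member.read(64 * 1024):
                    used[0] += len(chunk)
                    if used[0] > max_bytes:
                        raise ArchiveLimitExceeded(f"more than {max_bytes} bytes")
                    buf.write(chunk)
            if zipfile.is_zipfile(buf):  # member is itself an archive
                scan_zip(buf.getvalue(), max_depth, max_bytes, _depth + 1, used)
    return used[0]

def make_zip(name, content):
    """Constructed test fixture: a one-member Deflate-compressed ZIP."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, content)
    return out.getvalue()

def nest(data, layers):
    """Constructed test fixture: wrap data in the given number of ZIP layers."""
    for i in range(layers):
        data = make_zip(f"layer{i}.zip", data)
    return data

# Constructed sample (small and harmless): 1 MiB of zero bytes in one archive.
flat = make_zip("zeros.bin", bytes(2**20))

if __name__ == "__main__":
    print(len(flat), "compressed bytes ->", scan_zip(flat), "uncompressed")
    try:
        scan_zip(nest(flat, 5), max_depth=3)
    except ArchiveLimitExceeded as exc:
        print("rejected:", exc)
```

Because the byte budget is shared across all layers, the memory held while scanning stays bounded by `max_bytes` regardless of how the archive is nested.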


See also

* Billion laughs attack, a similar attack on XML parsers
* Black fax
* Busy beaver, a program that produces the maximal possible output before terminating
* E-mail bomb
* Fork bomb
* Logic bomb

