Zip bomb
In computing, a zip bomb, also known as a decompression bomb or zip of death (ZOD), is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, in order to create an opening for more traditional malware.[1]
A zip bomb does not hijack the operation of the program that reads it. The program functions normally, but the archive is crafted so that unpacking it requires an excessive amount of time, disk space, or memory.[2]
Most modern antivirus programs can detect whether a file is a zip bomb in order to avoid unpacking it.[3]
Details and use
A zip bomb is usually a small file for ease of transport and to avoid suspicion. However, when the file is unpacked, its contents are more than the system can handle.
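The kind of check a scanner or upload handler can apply before and during unpacking, as an added example that is not part of the original article: it enforces budgets on entry count, total unpacked bytes, and compression ratio while streaming each entry. The limit values and the names `safe_read_all`, `make_zip`, and `ArchiveRejected` are assumptions chosen for illustration, and the sketch covers a single archive layer only, not archives nested inside archives.

```python
import io
import zipfile

MAX_ENTRIES = 1000                 # assumed limit; tune per workload
MAX_TOTAL_BYTES = 1 * 1024 * 1024  # assumed cap on total unpacked output
MAX_RATIO = 100                    # assumed cap on unpacked/packed ratio
CHUNK = 64 * 1024


class ArchiveRejected(Exception):
    """Raised when an archive exceeds one of the budgets above."""


def safe_read_all(data: bytes) -> dict:
    """Unpack a zip held in memory, aborting once any budget is exceeded."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            raise ArchiveRejected("too many entries")
        # Cheap pre-check. Declared sizes come from the archive itself,
        # so this alone is not a sufficient defence.
        if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
            raise ArchiveRejected("declared size over budget")
        for info in infos:
            buf = bytearray()
            with zf.open(info) as fh:
                while chunk := fh.read(CHUNK):
                    buf += chunk
                    total += len(chunk)
                    # Enforce budgets on bytes actually produced.
                    if total > MAX_TOTAL_BYTES:
                        raise ArchiveRejected("unpacked size over budget")
                    if len(buf) > MAX_RATIO * max(info.compress_size, 1):
                        raise ArchiveRejected("compression ratio over budget")
            out[info.filename] = bytes(buf)
    return out


def make_zip(name: str, payload: bytes) -> bytes:
    """Build a constructed sample archive in memory for testing."""
    mem = io.BytesIO()
    with zipfile.ZipFile(mem, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return mem.getvalue()
```

Reading in fixed-size chunks means a rejected archive costs at most one chunk beyond the budget, rather than the full unpacked size.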
One example of a zip bomb is the file 42.zip, which is a
There are also zip files that, when uncompressed, yield
See also
- Billion laughs attack, a similar attack on XML parsers
- Black fax
- Busy beaver, a program that produces the maximum possible output before terminating
- E-mail bomb
- Fork bomb
- Logic bomb
- Online algorithm, limit discovered rather than declared
References
- ^ Leyden, John (23 Jul 2001). "DoS risk from Zip of death attacks on AV software?". www.theregister.co.uk.
- OCLC 1097121557.
- ^ Bieringer, Peter (2004-02-12). "AERAsec - Network Security - Eigene Advisories". Archived from the original on 2016-03-03. Retrieved 2011-02-19.
- ^ "42.zip". unforgettable.dk.
- ^ "research!rsc: Zip Files All The Way Down". research.swtch.com.
- ^ "Quine.zip".
- ^ "A better zip bomb". www.bamsoftware.com.