Zip bomb






From Wikipedia, the free encyclopedia
 


In computing, a zip bomb, also known as a decompression bomb or zip of death (ZOD), is a malicious archive file designed to crash or render useless the program or system reading it. The older the system or program, the more likely it is to be affected. It is often employed to disable antivirus software, in order to create an opening for more traditional malware.[1]

A zip bomb does not hijack the operation of the program that reads it. The program functions normally, but the archive is crafted so that unpacking it requires an excessive amount of time, disk space, or memory.[2]

Most modern antivirus programs can detect whether a file is a zip bomb in order to avoid unpacking it.[3]

Details and use


A zip bomb is usually a small file for ease of transport and to avoid suspicion. However, when the file is unpacked, its contents are more than the system can handle.

One example of a zip bomb is the file 42.zip, which is a zip file consisting of 42 kilobytes of compressed data, containing five layers of nested zip files in sets of 16, each bottom-layer archive containing a 4.3-gigabyte (4294967295 bytes; 4 GiB − 1 B) file for a total of 4.5 petabytes (4503599626321920 bytes; 4 PiB − 1 MiB) of uncompressed data.[4] This zip bomb is freely available for download online. In many antivirus scanners, only a few layers of recursion are performed on archives to help prevent attacks that would cause a buffer overflow, an out-of-memory condition, or exceed an acceptable amount of program execution time. Zip bombs often rely on repetition of identical files to achieve their extreme compression ratios. Dynamic programming methods can be employed to limit traversal of such files, so that only one file is followed recursively at each level, effectively converting their exponential growth to linear.

There are also zip files that, when uncompressed, yield identical copies of themselves.[5][6] A sophisticated form of zip bomb exploits the specifications of zip files and the Deflate compression algorithm to create bombs without the use of nested layers as used in 42.zip.[7]
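The recursion limit and the "follow one file per level" idea described above can be combined in a pre-extraction size check. The following Python sketch is an added example, not code from any antivirus product or from the cited sources; the limits, the function names and the small sample archive are assumptions constructed for illustration.

```python
import hashlib, io, zipfile

MAX_DEPTH = 5              # assumed policy limits, not values from the article
MAX_TOTAL = 1 << 30        # reject anything that would expand past 1 GiB
MAX_NESTED = 1 << 20       # largest nested archive loaded into memory

class BombSuspected(Exception):
    pass

def expanded_size(data, depth=0, memo=None):
    """Total bytes `data` (a zip) would unpack to, following nested zips.

    Each distinct nested archive is walked once (memo keyed by SHA-256), so
    N identical copies per layer cost one recursion plus N hash lookups.
    """
    memo = {} if memo is None else memo
    key = hashlib.sha256(data).digest()
    if key in memo:
        return memo[key]
    if depth > MAX_DEPTH:              # also stops self-reproducing archives
        raise BombSuspected("nesting deeper than %d layers" % MAX_DEPTH)
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(".zip"):
                with zf.open(info) as member:   # bounded read, header may lie
                    inner = member.read(MAX_NESTED + 1)
                if len(inner) > MAX_NESTED:
                    raise BombSuspected("nested archive over %d bytes" % MAX_NESTED)
                total += expanded_size(inner, depth + 1, memo)
            else:
                total += info.file_size         # declared size; nothing unpacked
            if total > MAX_TOTAL:
                raise BombSuspected("expands past %d bytes" % MAX_TOTAL)
    memo[key] = total
    return total

def make_zip(members):
    """Helper for the constructed sample: build a zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, blob in members.items():
            zf.writestr(name, blob)
    return buf.getvalue()

# Constructed, harmless sample: 3 layers x 4 identical members, 1 KiB leaves.
LEAF = make_zip({"f%d.bin" % i: b"\0" * 1024 for i in range(4)})
MID = make_zip({"m%d.zip" % i: LEAF for i in range(4)})
SAMPLE = make_zip({"t%d.zip" % i: MID for i in range(4)})
```

Leaf sizes in this check come from the zip headers, which the archive's author controls, so the extractor itself should still count bytes as it writes and stop at the same cap.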

References

  1. Leyden, John (23 Jul 2001). "DoS risk from Zip of death attacks on AV software?". www.theregister.co.uk.
  2. Pelton, Joseph N (28 August 2018). Smart cities of today and tomorrow : better technology, infrastructure and security. Springer. ISBN 978-3-319-95822-4. OCLC 1097121557.
  3. Bieringer, Peter (2004-02-12). "AERAsec - Network Security - Eigene Advisories". Archived from the original on 2016-03-03. Retrieved 2011-02-19.
  4. "42.zip". unforgettable.dk.
  5. "research!rsc: Zip Files All The Way Down". research.swtch.com.
  6. "Quine.zip".
  7. "A better zip bomb". www.bamsoftware.com.

    This page was last edited on 13 June 2024, at 14:33 (UTC).
