Zip bomb

An archive bomb is a file whose contents have been packed with data compression and whose abusive purpose is to expand to an unexpectedly high multiple of its size when extracted, or to lure the unpacking software into an infinite loop. The packed contents can be, for example, graphics files filled with the same repeating pattern or text files containing repetitive strings. Such regularities can be compressed extremely well. An archive bomb can also exploit a bug in the decompression software to create recursion.

Attack vector

The predominant attack vector for archive bombs is e-mail, to which they are attached. Such an e-mail is not very large and is not recognizable as a hazard at first glance. Most firewalls, because of the way they work, do not recognize archive bombs, so the bombs arrive as normal file attachments in the user's e-mail client.

Archive bombs are not primarily intended to be unpacked by the user; they are aimed mainly at anti-virus programs. These programs scan files, including files inside archives, often as soon as a file arrives. To do so, they have to unpack the archives into a temporary storage area. There is a risk that the unpacked files fill the memory or the hard drive and bring the system to a complete halt. In addition, the scanning process requires a lot of computing time. With recursive archive bombs, however, the system typically remains functional; only the virus scanner can never complete its task (i.e. scanning the archive). This type of archive bomb can be counteracted by having the anti-virus software check incoming archives only up to a certain depth. The attack is thus an attempted denial of service.

Querying the size information in the attributes of the archive provides no additional benefit, because it can be manipulated, for example with a hex editor.
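
The two countermeasures discussed above, shown as an added example (not code from the original page): a scanner-side check in Python that stops at a fixed nesting depth and counts the bytes the decompressor actually produces instead of trusting the size recorded in the archive. The names scan_zip, make_nested and ArchiveLimitExceeded and the limit values are assumptions, and the sample archives are constructed.

```python
import io
import zipfile

class ArchiveLimitExceeded(Exception):
    """The archive exceeded the scanner's nesting or size budget."""

def scan_zip(data, max_depth=3, max_total=10_000_000, _depth=0, _budget=None):
    """Walk a zip held in memory; return the bytes actually decompressed."""
    budget = _budget if _budget is not None else [max_total]  # shared by all levels
    if _depth > max_depth:
        raise ArchiveLimitExceeded(f"nested deeper than {max_depth} levels")
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            buf = bytearray()
            with zf.open(info) as member:
                # Charge the budget for real decompressor output, chunk by
                # chunk; info.file_size is header data and is not trusted.
                while chunk := member.read(64 * 1024):
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveLimitExceeded("size budget exhausted")
                    buf += chunk
            total += len(buf)
            if zipfile.is_zipfile(io.BytesIO(buf)):  # nested archive: recurse
                total += scan_zip(bytes(buf), max_depth, max_total,
                                  _depth + 1, budget)
    return total

def make_nested(levels, payload_size):
    """Constructed sample: a run of zero bytes wrapped in `levels` zip layers."""
    data, name = bytes(payload_size), "0.bin"
    for i in range(levels):
        out = io.BytesIO()
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = out.getvalue(), f"layer{i}.zip"
    return data

if __name__ == "__main__":
    sample = make_nested(2, 1_000_000)
    print(len(sample), "bytes on disk ->", scan_zip(sample), "bytes unpacked")
    for bad in (make_nested(5, 1000), make_nested(1, 20_000_000)):
        try:
            scan_zip(bad)
        except ArchiveLimitExceeded as exc:
            print("rejected:", exc)
```

Because the size budget is shared across all nesting levels, a member can never be buffered beyond max_total bytes, however deep it sits.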

Examples

42.zip

A well-known archive bomb is 42.zip. Packed recursively five times, it is only 42 kilobytes in size. When it is unpacked, however, the data volume grows by a factor of hundreds of billions, to 4.5 petabytes. Apart from the file size, the file name "42" refers to the question "of Life, the Universe and Everything" from The Hitchhiker's Guide to the Galaxy by Douglas Adams, a radio play and novel that was also filmed.

Structure                          Total number   Contains     Uncompressed total size
                                   of files 1)    (each)       (bytes)
42.zip 2)                          1,048,576      16 folders   4,503,599,626,321,920 (4.5 PB)
→ lib0.zip ... libf.zip 3)         1,048,576      16 folders   4,503,599,626,321,920 (4.5 PB)
 → book0.zip ... bookf.zip         65,536         16 folders   281,474,976,645,120 (281 TB)
  → chapter0.zip ... chapterf.zip  4,096          16 folders   17,592,186,040,320 (17 TB)
   → doc0.zip ... docf.zip         256            16 folders   1,099,511,627,520 (1 TB)
    → page0.zip ... pagef.zip      16             1 file       68,719,476,720 (68 GB)
     → 0.dll 4)                    1                           4,294,967,295 (4.3 GB)

Notes:

More

A method known as "Zip Files All The Way Down" is similar to 42.zip. Here, however, a zip, gzip or tar file is created that recursively contains itself.
