Zip bomb

Last updated March 13, 2024

In computing, a zip bomb, also known as a decompression bomb or zip of death (ZOD), is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, in order to create an opening for more traditional malware.^[1]

Details and use

A zip bomb is usually a small file for ease of transport and to avoid suspicion. However, when the file is unpacked, its contents are more than the system can handle.

One example of a zip bomb is the file 42.zip, which is a zip file consisting of 42 kilobytes of compressed data, containing five layers of nested zip files in sets of 16, each bottom-layer archive containing a 4.3-gigabyte (4294967295 bytes; 4 GiB − 1 B) file for a total of 4.5 petabytes (4503599626321920 bytes; 4 PiB − 1 MiB ) of uncompressed data.^[4] This zip bomb is freely available for download online. In many anti-virus scanners, only a few layers of recursion are performed on archives to help prevent attacks that would cause a buffer overflow, an out-of-memory condition, or exceed an acceptable amount of program execution time. Zip bombs often rely on repetition of identical files to achieve their extreme compression ratios. Dynamic programming methods can be employed to limit traversal of such files, so that only one file is followed recursively at each level, effectively converting their exponential growth to linear.

There are also zip files that, when uncompressed, yield identical copies of themselves.^[5]^[6] A sophisticated form of zip bomb exploits the specifications of zip files and the Deflate compression algorithm to create bombs without the use of nested layers as used in 42.zip.^[7]

Related Research Articles

gzip is a file format and a software application used for file compression and decompression. The program was created by Jean-loup Gailly and Mark Adler as a free software replacement for the compress program used in early Unix systems, and intended for use by GNU. Version 0.1 was first publicly released on 31 October 1992, and version 1.0 followed in February 1993.

Lossless compression is a class of data compression that allows the original data to be perfectly reconstructed from the compressed data with no loss of information. Lossless compression is possible because most real-world data exhibits statistical redundancy. By contrast, lossy compression permits reconstruction only of an approximation of the original data, though usually with greatly improved compression rates.

PCX, standing for PiCture eXchange, is an image file format developed by the now-defunct ZSoft Corporation of Marietta, Georgia, United States. It was the native file format for PC Paintbrush and became one of the first widely accepted DOS imaging standards, although it has since been succeeded by more sophisticated image formats, such as BMP, JPEG, and PNG. PCX files commonly store palette-indexed images ranging from 2 or 4 colors to 16 and 256 colors, although the format has been extended to record true-color (24-bit) images as well.

zlib is a software library used for data compression as well as a data format. zlib was written by Jean-loup Gailly and Mark Adler and is an abstraction of the DEFLATE compression algorithm used in their gzip file compression program. zlib is also a crucial component of many software platforms, including Linux, macOS, and iOS. It has also been used in gaming consoles such as the PlayStation 4, PlayStation 3, Wii U, Wii, Xbox One and Xbox 360.

bzip2 is a free and open-source file compression program that uses the Burrows–Wheeler algorithm. It only compresses single files and is not a file archiver. It relies on separate external utilities for tasks such as handling multiple files, encryption, and archive-splitting.

In computing, Deflate is a lossless data compression file format that uses a combination of LZ77 and Huffman coding. It was designed by Phil Katz, for version 2 of his PKZIP archiving tool. Deflate was later specified in RFC 1951 (1996).

ZIP is an archive file format that supports lossless data compression. A ZIP file may contain one or more files or directories that may have been compressed. The ZIP file format permits a number of compression algorithms, though DEFLATE is the most common. This format was originally created in 1989 and was first implemented in PKWARE, Inc.'s PKZIP utility, as a replacement for the previous ARC compression format by Thom Henderson. The ZIP format was then quickly supported by many software utilities other than PKZIP. Microsoft has included built-in ZIP support in versions of Microsoft Windows since 1998 via the "Plus! 98" addon for Windows 98. Native support was added as of the year 2000 in Windows ME. Apple has included built-in ZIP support in Mac OS X 10.3 and later. Most free operating systems have built in support for ZIP in similar manners to Windows and macOS.

compress is a Unix shell compression program based on the LZW compression algorithm. Compared to gzip's fastest setting, compress is slightly slower at compression, slightly faster at decompression, and has a significantly lower compression ratio. 1.8 MiB of memory is used to compress the Hutter Prize data, slightly more than gzip's slowest setting.

RAR is a proprietary archive file format that supports data compression, error correction and file spanning. It was developed in 1993 by Russian software engineer Eugene Roshal and the software is licensed by win.rar GmbH. The name RAR stands for Roshal Archive.

Cabinet is an archive-file format for Microsoft Windows that supports lossless data compression and embedded digital certificates used for maintaining archive integrity. Cabinet files have .cab filename extensions and are recognized by their first four bytes MSCF. Cabinet files were known originally as Diamond files.

<span class="mw-page-title-main">7-Zip</span> Open-source file archiver

7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as "archives". It is developed by Igor Pavlov and was first released in 1999. 7-Zip has its own archive format called 7z, but can read and write several others.

The Lempel–Ziv–Markov chain algorithm (LZMA) is an algorithm used to perform lossless data compression. It has been under development since either 1996 or 1998 by Igor Pavlov and was first used in the 7z format of the 7-Zip archiver. This algorithm uses a dictionary compression scheme somewhat similar to the LZ77 algorithm published by Abraham Lempel and Jacob Ziv in 1977 and features a high compression ratio and a variable compression-dictionary size, while still maintaining decompression speed similar to other commonly used compression algorithms.

7z is a compressed archive file format that supports several different data compression, encryption and pre-processing algorithms. The 7z format initially appeared as implemented by the 7-Zip archiver. The 7-Zip program is publicly available under the terms of the GNU Lesser General Public License. The LZMA SDK 4.62 was placed in the public domain in December 2008. The latest stable version of 7-Zip and LZMA SDK is version 23.01.

WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH. It can create and view archives in RAR or ZIP file formats, and unpack numerous archive file formats. To enable the user to test the integrity of archives, WinRAR embeds CRC32 or BLAKE2 checksums for each file in each archive. WinRAR supports creating encrypted, multi-part and self-extracting archives.

rzip is a huge-scale data compression computer program designed around initial LZ77-style string matching on a 900 MB dictionary window, followed by bzip2-based Burrows–Wheeler transform and entropy coding (Huffman) on 900 kB output chunks.

LHA or LZH is a freeware compression utility and associated file format. It was created in 1988 by Haruyasu Yoshizaki, a doctor and originally named LHarc. A complete rewrite of LHarc, tentatively named LHx, was eventually released as LH. It was then renamed to LHA to avoid conflicting with the then-new MS-DOS 5.0 LH command. The original LHA and its Windows port, LHA32, are no longer in development because Yoshizaki is busy at work.

ARC is a lossless data compression and archival format by System Enhancement Associates (SEA). The file format and the program were both called ARC. The format is known as the subject of controversy in the 1980s, part of important debates over what would later be known as open formats.

Executable compression is any means of compressing an executable file and combining the compressed data with decompression code into a single executable. When this compressed executable is executed, the decompression code recreates the original code from the compressed code before executing it. In most cases this happens transparently so the compressed executable can be used in exactly the same way as the original. Executable compressors are often referred to as executable packers, runtime packers, software packers, software protectors, or even "polymorphic packers" and "obfuscating tools".

HTTP compression is a capability that can be built into web servers and web clients to improve transfer speed and bandwidth utilization.

A self-extracting archive is a computer executable program which combines compressed data in an archive file with machine-executable code to extract the information. Run on a compatible operating system, there is no need for a suitable extractor in the target computer to extract the data. The executable part of the file is known as a decompressor stub.

References

↑ at 14:35, John Leyden 23 Jul 2001. "DoS risk from Zip of death attacks on AV software?". www.theregister.co.uk.{{cite web}}: CS1 maint: numeric names: authors list (link)
↑ Pelton, Joseph N (28 August 2018). Smart cities of today and tomorrow : better technology, infrastructure and security. Springer. ISBN 978-3-319-95822-4. OCLC 1097121557.
↑ Bieringer, Peter (2004-02-12). "AERAsec - Network Security - Eigene Advisories". Archived from the original on 2016-03-03. Retrieved 2011-02-19.
↑ "42.zip". unforgettable.dk.
↑ "research!rsc: Zip Files All The Way Down". research.swtch.com.
↑ "Quine.zip".
↑ "A better zip bomb". www.bamsoftware.com.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] t 14:35, John Leyden 23 Jul 2001. "DoS risk from Zip of death attacks on AV software?". www.theregister.co.uk.{{cite web}}: CS1 maint: numeric names: authors list (link)

[2] Pelton, Joseph N (28 August 2018). Smart cities of today and tomorrow : better technology, infrastructure and security. Springer. ISBN 978-3-319-95822-4. OCLC 1097121557.

[3] Bieringer, Peter (2004-02-12). "AERAsec - Network Security - Eigene Advisories". Archived from the original on 2016-03-03. Retrieved 2011-02-19.

[4] "42.zip". unforgettable.dk.

[5] "research!rsc: Zip Files All The Way Down". research.swtch.com.

[6] "Quine.zip".

[7] "A better zip bomb". www.bamsoftware.com.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

v t e Information security
Related security categories	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electromagnetic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management	vectorial version
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking Botnets Data breach Drive-by download Browser Helper Objects Viruses Data scraping Denial-of-service attack Eavesdropping Email fraud Email spoofing Exploits Hacktivism Insecure direct object reference Keystroke loggers Logic bombs Time bombs Fork bombs Zip bombs Fraudulent dialers Malware Payload Phishing Voice Polymorphic engine Privilege escalation Ransomware Rootkits Scareware Shellcode Spamming Social engineering Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Obfuscation (software) Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Security information and event management (SIEM) Mobile secure gateway Runtime application self-protection Site isolation

Zip bomb

Contents

Details and use

See also

Related Research Articles

References