Zip bomb: Difference between revisions

From Wikipedia, the free encyclopedia
and/or → or (or is not xor, and does the job here)
Casademasa (talk | contribs)
edited plagiarized sentence, added citation
Line 5: Line 5:
A '''zip bomb''', also known as a '''decompression bomb''' or '''zip of death''' is a malicious [[archive file]] designed to crash or render useless the program or system reading it. It is often employed to disable [[antivirus software]], in order to create an opening for more traditional malware.<ref>{{Cite web|url=https://www.theregister.co.uk/2001/07/23/dos_risk_from_zip/|title=DoS risk from Zip of death attacks on AV software?|first=John Leyden 23 Jul 2001|last=at 14:35|website=www.theregister.co.uk}}</ref>
A '''zip bomb''', also known as a '''decompression bomb''' or '''zip of death''' is a malicious [[archive file]] designed to crash or render useless the program or system reading it. It is often employed to disable [[antivirus software]], in order to create an opening for more traditional malware.<ref>{{Cite web|url=https://www.theregister.co.uk/2001/07/23/dos_risk_from_zip/|title=DoS risk from Zip of death attacks on AV software?|first=John Leyden 23 Jul 2001|last=at 14:35|website=www.theregister.co.uk}}</ref>


A zip bomb allows a program to function normally, but, instead of hijacking the program's operation, creates an archive that requires an excessive amount of time, disk space, or memory to unpack. <ref>{{Cite book|last=author.|first=Pelton, Joseph N,|url=http://worldcat.org/oclc/1097121557|title=Smart cities of today and tomorrow : better technology, infrastructure and security|isbn=3-319-95822-4|oclc=1097121557}}</ref>
Rather than hijacking the normal operation of the program, a [[zip file|zip]] bomb allows the program to work as intended, but the archive is crafted so that unpacking it (e.g., by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.


Most modern antivirus programs can detect whether a file is a zip bomb, to avoid unpacking it.<ref>{{cite web | url = http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html | title = AERAsec - Network Security - Eigene Advisories | access-date = 2011-02-19 | last = Bieringer | first = Peter | date = 2004-02-12}}</ref>
Most modern antivirus programs can detect whether a file is a zip bomb, to avoid unpacking it.<ref>{{cite web | url = http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html | title = AERAsec - Network Security - Eigene Advisories | access-date = 2011-02-19 | last = Bieringer | first = Peter | date = 2004-02-12}}</ref>
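
Review bot: In the reworded second paragraph (the version carrying the Pelton citation), the subject is wrong: it says a zip bomb "creates an archive", while the lead defines the zip bomb as the archive itself. The other version of the sentence ("the archive is crafted so that unpacking it ... requires inordinate amounts of time, disk space or memory") states this correctly and also keeps the virus-scanner example, which the rewording drops. Suggest keeping the zip bomb as the thing being unpacked, for example "a zip bomb lets the program work as intended, but unpacking it requires an excessive amount of time, disk space, or memory". The added citation also has malformed fields: `last=author.` and `first=Pelton, Joseph N,` should be `last=Pelton` and `first=Joseph N.`, and there is a stray space before `<ref>`.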

Revision as of 09:39, 5 December 2021


A zip bomb, also known as a decompression bomb or zip of death, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, in order to create an opening for more traditional malware.[1]

Rather than hijacking a program's operation, a zip bomb lets the program function normally; the archive itself is crafted so that unpacking it requires an excessive amount of time, disk space, or memory.[2]

Most modern antivirus programs can detect whether a file is a zip bomb, to avoid unpacking it.[3]

Details and use

A zip bomb is usually a small file for ease of transport and to avoid suspicion. However, when the file is unpacked, its contents are more than the system can handle.

One example of a zip bomb is the file 42.zip, a zip file consisting of 42 kilobytes of compressed data that contains five layers of nested zip files in sets of 16, each bottom-layer archive containing a 4.3-gigabyte (4294967295 bytes; 4 GiB − 1 B) file, for a total of 4.5 petabytes (4503599626321920 bytes; 4 PiB − 1 MiB) of uncompressed data.[4] The file is readily available for download from various websites across the Internet. Many anti-virus scanners perform only a few layers of recursion on archives, to help prevent attacks that would cause a buffer overflow or an out-of-memory condition, or that would exceed an acceptable amount of program execution time. Zip bombs often (if not always) rely on repetition of identical files to achieve their extreme compression ratios. Dynamic programming methods can be employed to limit traversal of such files, so that only one file is followed recursively at each level, effectively converting their exponential growth to linear.

There are also zip files that, when uncompressed, yield identical copies of themselves.[5][6] A sophisticated form of zip bomb exploits the zip file specification and the Deflate compression algorithm to create bombs without the nested layers used in 42.zip.[7]
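
The traversal described above, as an added example that is not part of the original article: a scanner-side size estimator that memoizes nested archives by content hash, so identical siblings are followed once per level, and that caps nesting depth so a self-reproducing zip terminates. The limits, the function names and the extension-based detection of nested archives are assumptions; the sample archive is constructed in memory (3 layers of 4 copies), where memoization opens 3 archives instead of 21.

```python
import hashlib, io, zipfile

MAX_DEPTH = 8          # assumed nesting limit; also stops self-reproducing zips
MAX_MEMBER = 1 << 20   # assumed cap on bytes inflated from one nested archive

def build_nested(layers, fanout, payload):
    """Constructed sample: each layer holds `fanout` identical copies of the layer below."""
    blob, name = payload, "data.bin"
    for _ in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
            for i in range(fanout):
                z.writestr(f"{i}-{name}", blob)
        blob, name = buf.getvalue(), "inner.zip"
    return blob

def expanded_size(data, memo, stats, depth=0):
    """Leaf bytes a full unpack would produce, opening each distinct archive once."""
    if depth > MAX_DEPTH:
        raise ValueError("archive nesting exceeds MAX_DEPTH")
    key = hashlib.sha256(data).digest()
    if key in memo:                      # identical sibling: reuse the stored total
        return memo[key]
    stats["opened"] += 1
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            # Assumption: nested archives are recognised by file extension.
            if not info.filename.lower().endswith(".zip"):
                total += info.file_size  # declared size; the leaf is never inflated
                continue
            with z.open(info) as member:
                child = member.read(MAX_MEMBER + 1)   # bounded inflate
            if len(child) > MAX_MEMBER:
                raise ValueError("nested archive exceeds MAX_MEMBER")
            total += expanded_size(child, memo, stats, depth + 1)
    memo[key] = total
    return total

if __name__ == "__main__":
    sample = build_nested(layers=3, fanout=4, payload=b"A" * 1000)
    stats = {"opened": 0}
    print(expanded_size(sample, {}, stats), "bytes;", stats["opened"], "archives opened")
```

The total relies on the sizes declared in each archive's directory, so a scanner should treat it as an estimate to compare against its own budget before extracting anything.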

References

  1. ^ Leyden, John (23 Jul 2001). "DoS risk from Zip of death attacks on AV software?". www.theregister.co.uk.
  2. ^ Pelton, Joseph N. Smart cities of today and tomorrow: better technology, infrastructure and security. ISBN 3-319-95822-4. OCLC 1097121557.
  3. ^ Bieringer, Peter (2004-02-12). "AERAsec - Network Security - Eigene Advisories". Retrieved 2011-02-19.
  4. ^ "42.zip". unforgettable.dk.
  5. ^ "research!rsc: Zip Files All The Way Down". research.swtch.com.
  6. ^ "Quine.zip".
  7. ^ "A better zip bomb". www.bamsoftware.com.