Zip bomb: Difference between revisions
No edit summary |
Undid revision 552963457 by 67.78.0.211 (talk) Vandalism. |
||
Line 3: | Line 3: | ||
Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory. |
Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory. |
||
Zip bombs also contain tons of child porn in most cases, making the user vulnerable to FBI investigation. |
|||
== Details and use == |
== Details and use == |
||
Revision as of 01:09, 1 May 2013
A zip bomb, also known as a Zip of Death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software to create an opening for more traditional viruses.
Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.
Details and use
A zip bomb is usually a small file (up to 42 kilobytes) for ease of transport and to avoid suspicion. However, when the file is unpacked its contents are more than the system can handle.
The technique has been used on dialup bulletin board systems.[1]
Today, most antivirus programs can detect whether a file is a zip bomb and so avoid unpacking it.[2]
Examples
One example of a Zip bomb is the file 42.zip which is a zip file consisting of 42 kilobytes of compressed data, containing five layers of nested zip files in sets of 16, each bottom layer archive containing a 4.3 gigabyte (4 294 967 295 bytes; ~ 3.99 GiB) file for a total of 4.5 petabytes (4 503 599 626 321 920 bytes; ~ 3.99 PiB) of uncompressed data. [3] This file is still available for download on various websites across the Internet. In many anti-virus scanners, only a few layers of recursion are performed on archives to help prevent attacks that would cause a buffer overflow, an out of memory condition, or exceed an acceptable amount of program execution time.
See also
- Billion laughs, a similar attack on XML parsers
- Busy beaver, a program that produces the maximum possible output before terminating
- E-mail bomb
- Logic bomb
- Fork bomb
References
External links
- ZIP File Quine, a zip file recursively containing itself
- 42.zip on http://www.unforgettable.dk/
- 42.zip on SecurityFocus.com
- July 2001 story from TheRegister.co.uk