What is a Zip bomb? Definition, How it Works, Consequences and Mitigation.

Dawodu Michael
6 min read · Aug 2, 2022


What is a Zip bomb?

Introduction

If you have ever received a zip or other archive file, tried to open it, and watched your computer take forever to unzip something that was only about 500 KB, then slow down, freeze and eventually crash, you were most likely a victim of the "zip of death", like many others before you. Don't worry: by the end of this article you should be ready for the next time you encounter a zip bomb. First, the definition.

Zip bomb definition

Zip bombs, also known as the zip of death or decompression bomb, are malicious archive files designed to crash or disable the program or device that reads them, by making decompression consume far more memory, disk and CPU time than the file's size suggests.

The zip bomb is one of many denial-of-service (DoS) attacks: a family of attacks that overload a program or device with unproductive work beyond its capacity, so that it can no longer carry out useful tasks, freezes and ultimately crashes.

The name comes from the .zip format, in which most files are archived when compressed, but the same trick works against any compressed format, including gzip, bzip2 and xz archives.

A zip bomb or decompression bomb can take many forms, but every one is the same attempt: to fill the target's memory or disk with useless data, and to burn its CPU producing that data, so that it cannot continue running normally. Zip bombs reach a device as email attachments or sit on web pages waiting to be downloaded.

Zip bombs come as very small archives, often only kilobytes, but the compressed content inside expands to gigabytes or even petabytes of useless data when unzipped. If one is sent to you and you try to unzip it without any limit, it will fill your disk or exhaust your memory and leave the device unable to do anything else.

How do zip bombs work?

Zip bombs exploit the compressor itself and its ability to shrink large files into small, easy-to-move ones. Imagine a zip bomb as a clown car or a Trojan horse: it poses as a small, harmless file, but waiting inside is a horde of useless data ready to take up every byte of storage and every bit of processing power your device can muster. Because formats such as DEFLATE replace repetition with short back-references, a file made of one repeated byte shrinks by roughly a thousand to one, and nesting archives inside archives multiplies that factor at every layer.


Zip bombs come in different forms. The classic form is nesting: an archive that contains archives that contain archives, each layer holding many copies of the next, so the expansion factors multiply. The well-known 42.zip is five layers of 16 copies each, ending in 4.3 GB files, for about 4.5 PB in total from a 42 KB download. A subtler form overlaps entries: several entries in the zip's central directory point at the same stretch of compressed data, so one compressed block is extracted many times over, which the program reading the file does not anticipate. In the worst case the archive is recursive: a zip that decompresses to a copy of itself (a zip quine), so an extractor that automatically unpacks nested archives loops forever.

You may have antivirus or file-scanning software on your device. Still, if that software is not equipped to handle a zip bomb, it decompresses the archive to scan its contents for viruses. Scanning through millions of gigabytes of data is no small feat: the scanner exhausts memory or disk and crashes, and the strain often takes the rest of the device with it.

One of the best-known examples, published by researcher David Fifield in 2019, is a 46 MB base file that decompresses into 4.5 petabytes of data without any nesting, using the overlapping-entry technique together with the Zip64 extension. 4.5 petabytes is 4.5 million gigabytes; no machine you own has that much storage lying around.

Consequences of zip bomb

Zip of death, death archive, decompression bomb, zip bomb: this attack goes by many names, and none of them suggests good intentions.


The zip bomb is a typical Trojan horse in one respect: it does not look like a threat. It can arrive as an attachment in an email from your mum, a close friend or work, or be disguised as an important download on a website. The archive itself carries no executable payload, so on its own it does nothing until something decompresses it. Its effect is resource exhaustion: a filled disk, exhausted memory, a crashed extractor or scanner. And while an antivirus scanner or mail gateway is busy with petabytes of output, it is not inspecting anything else, which leaves the device open to other attacks and data leaks delivered alongside it. Like the Trojan horse, the zip bomb does not take down the device by itself; it opens the gates, and what follows leads to the computer's inevitable crash.

What are zip bombs used for?

  1. Zip bombs are used for denial-of-service attacks: they can make important data on a site unavailable, keep machines from talking to each other, or simply crash the victim's device.
  2. Like any weapon, zip bombs can be wielded for defence as well as offence. Some site operators booby-trap their servers for attackers rather than visitors: a request that looks like a vulnerability scan is answered with a compressed response that expands to gigabytes, leaving the scanner's machine to deal with it.
  3. Zip bombs have also been used to booby-trap documents against unauthorized access. Programmer Chris Braun is said to have made the first known instance in 1994 as an anti-piracy measure for his game "The 7th Guest". The game shipped on three floppy disks with an installation guide stating that it could be installed only three times before you had to buy another copy (the actual limit was five installations). Braun's answer to piracy was a large file that could not be installed without paying for more disks.
  4. On the offensive side, zip bombs are used to soften a device's defences: like an attack on the immune system, they keep the endpoint's security software busy while exposing it to other threats.

How to find a zip bomb

Zip bombs look like regular archive files and cannot be spotted by eye, but their tell-tale signs are in the archive's metadata rather than in its contents: a declared uncompressed size out of all proportion to the file (DEFLATE cannot do much better than about 1000:1, so anything denser is either not real data or not a single layer), archives nested many layers deep, or entries whose compressed data overlaps. Many tools can check for these signs without extracting anything.

Most modern antivirus engines cap the decompressed size, compression ratio and nesting depth they are willing to scan, and flag an archive that exceeds those caps as harmful instead of unpacking it.

You can also search for a suspicious file's name or hash to see whether others have reported it.

A few tips to keep to:

  1. Install a reputable antivirus product, such as Norton or Avast, and keep it up to date.
  2. Download files only from trusted websites.
  3. Before extracting an archive from an untrusted source, list its declared contents and sizes (for example with unzip -l) and refuse anything whose total is implausible for the size of the download.
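As an added worked example (not code from the article, nor from any product it mentions), the following Python script does the metadata triage described in this section and then extracts under a byte budget that is enforced on the bytes actually produced, not on the sizes the headers declare. It builds its own constructed test data in memory: an inner zip holding 1 MiB of zeros, which DEFLATE shrinks roughly a thousandfold, and an outer zip holding four copies of that inner zip, a two-layer version of the nesting described under "How do zip bombs work?". The thresholds MAX_RATIO, MAX_TOTAL and MAX_DEPTH, the ARCHIVE_SUFFIXES list and all function names are assumptions for this example; the overlap check is exercised on synthetic byte ranges because building an overlapping-entry archive is out of scope here.

```python
import io
import zipfile

# Policy thresholds: assumed values for this example, not figures from the article.
MAX_RATIO = 100                  # declared/compressed above 100:1 is suspicious
MAX_TOTAL = 256 * 1024 * 1024    # never produce more than 256 MiB from one archive
MAX_DEPTH = 2                    # refuse archives nested deeper than this
ARCHIVE_SUFFIXES = (".zip", ".jar", ".7z", ".gz", ".tgz", ".rar")


class DecompressionBombError(Exception):
    """Raised when decompressing would exceed the configured budget or depth."""


def overlapping_ranges(ranges):
    """True if any two (start, length) byte ranges share bytes. Overlapping-entry
    bombs point several central-directory entries at the same compressed data."""
    ordered = sorted(ranges)
    for (start, length), (next_start, _) in zip(ordered, ordered[1:]):
        if start + length > next_start:
            return True
    return False


def inspect(data: bytes) -> dict:
    """Triage an archive from its central directory only; nothing is decompressed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    declared = sum(i.file_size for i in infos)
    compressed = sum(i.compress_size for i in infos)
    ratio = declared / compressed if compressed else (float("inf") if declared else 0.0)
    nested = [i.filename for i in infos if i.filename.lower().endswith(ARCHIVE_SUFFIXES)]
    # Local file header = 30 bytes + name + extra, then the compressed data. The extra
    # length is taken from the central directory, which only approximates the local one.
    ranges = [(i.header_offset, 30 + len(i.filename.encode()) + len(i.extra) + i.compress_size)
              for i in infos]
    overlapping = overlapping_ranges(ranges)
    suspicious = ratio > MAX_RATIO or declared > MAX_TOTAL or bool(nested) or overlapping
    return {"declared_bytes": declared, "ratio": ratio, "nested": nested,
            "overlapping": overlapping, "suspicious": suspicious}


def extract_bounded(data: bytes, budget: int = MAX_TOTAL,
                    depth: int = MAX_DEPTH, _state=None) -> int:
    """Decompress every member in 64 KiB chunks, enforcing the budget on bytes actually
    produced (header sizes are untrusted). Nested zips are opened recursively against
    the same budget, which is what stops layered bombs. Returns total bytes produced."""
    state = _state if _state is not None else {"produced": 0}
    if depth < 0:
        raise DecompressionBombError("archive nesting exceeds MAX_DEPTH")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            inner = io.BytesIO() if info.filename.lower().endswith(".zip") else None
            with zf.open(info) as member:
                while True:
                    chunk = member.read(64 * 1024)
                    if not chunk:
                        break
                    state["produced"] += len(chunk)
                    if state["produced"] > budget:
                        raise DecompressionBombError(
                            f"aborted after {state['produced']} bytes in {info.filename!r}")
                    if inner is not None:       # keep nested zips for recursion;
                        inner.write(chunk)      # a real extractor writes others to disk
            if inner is not None:
                extract_bounded(inner.getvalue(), budget, depth - 1, state)
    return state["produced"]


def would_exceed(data: bytes, budget: int) -> bool:
    """True if extraction under this budget is refused."""
    try:
        extract_bounded(data, budget)
    except DecompressionBombError:
        return True
    return False


def build_sample():
    """Constructed test data, not a real-world bomb: an inner zip of 1 MiB of zeros and
    an outer zip holding four copies of it. Returns (inner_bytes, outer_bytes)."""
    inner_buf = io.BytesIO()
    with zipfile.ZipFile(inner_buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", bytes(1024 * 1024))
    inner = inner_buf.getvalue()
    outer_buf = io.BytesIO()
    with zipfile.ZipFile(outer_buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for n in range(4):
            zf.writestr(f"part{n}.zip", inner)
    return inner, outer_buf.getvalue()


if __name__ == "__main__":
    inner_zip, outer_zip = build_sample()
    print("inner:", inspect(inner_zip))
    print("outer:", inspect(outer_zip))
    print("8 MiB budget ->", extract_bounded(outer_zip, 8 * 1024 * 1024), "bytes")
    print("2 MiB budget refused ->", would_exceed(outer_zip, 2 * 1024 * 1024))
```

The two halves do different jobs. inspect() is cheap and never touches compressed data, so it is the right first gate for a mail filter or upload handler, but it trusts the central directory, which an attacker controls. extract_bounded() trusts nothing: whatever the headers claim, it stops once the real output passes the budget or the nesting passes MAX_DEPTH, and because the counter is shared across layers, four copies of a 1 MiB member are refused under a 2 MiB budget even though each copy alone would fit. The same streaming-with-a-counter pattern applies to gzip, bzip2 and xz, where there is no directory to inspect at all.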

How do I delete a zip bomb?


A zip bomb is inert until something decompresses it, so getting rid of one is simple: delete the archive file itself, and if an extractor or scanner is already chewing on it, stop that process and delete whatever it has written so far to get your disk space back. Some users rely on third-party repair tools such as Reimage, which scan the system for harmful files, remove them and finish the clean-up after a restart; an ordinary file delete does the same job.

Have you ever heard of the fork bomb? It is another dangerous form of DoS attack. Read everything you need to know about fork bomb attacks here.
