A Zip Bomb, also called a Zip of Death
or Decompression Bomb, is a malicious archive file that crashes
the program or the system that tries to read it.
Normally, a Zip Bomb consists of a
compressed file such that when a program tries to decompress it, it
takes a huge amount of time, disk space or memory, and as a result the
program or the system crashes.
Where is a Zip Bomb used?
A Zip Bomb is normally used by an
attacker to disable anti-virus software, so that the computer can be
easily infected by malware.
It is usually a small compressed file
which does not create much suspicion. But, when a program tries to
decompress it, its contents become larger than the program or the
system can handle. As a result, when an anti-virus program tries to
scan it, it ends up crashing.
How is a Zip Bomb made?
A Zip Bomb typically contains layers of
nested zip files, such that when the compressed file is decompressed
recursively, the size of the decompressed file ends up being in
petabytes.
To give an example, 42.zip is a popular
Zip Bomb. It consists of 42 kilobytes of compressed data. This
compressed file has five layers of nested zip files, and each layer
consists of 16 compressed files, where each compressed file consists
of 4.3 gigabytes of data after decompressing. So, in total, the Zip
Bomb will consist of 4.5 petabytes of data when it is decompressed.
Is there any preventive measure for a Zip Bomb?
Most recent anti-virus programs
are capable of preventing Zip Bombs. Anti-virus scanners normally
follow only a few layers of recursion when unpacking archives. Zip
Bombs also often reuse identical files repeatedly, so Dynamic Programming
methods are used to detect them and to limit their expansion.
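The defences just described (a recursion cap, reuse of results for identical files, and a cap on total expansion), sketched in Python as an added example that is not from the original article. The limits MAX_DEPTH and MAX_TOTAL, the function names and the small constructed sample archive are assumptions chosen for illustration.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 3            # assumed policy: nesting levels the scanner follows
MAX_TOTAL = 50 * 2**20   # assumed policy: 50 MiB of total expansion

class ArchiveLimitExceeded(Exception):
    """Raised when an archive breaks the depth or size policy."""

def expanded_size(data, depth=0, cache=None, limit=MAX_TOTAL):
    """Total uncompressed size of a zip, following nested zips."""
    cache = {} if cache is None else cache
    key = hashlib.sha256(data).digest()
    if key in cache:                     # identical archive already analysed:
        return cache[key]                # reuse its size, do not expand it again
    if depth > MAX_DEPTH:
        raise ArchiveLimitExceeded(f"nesting deeper than {MAX_DEPTH}")
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > limit:   # declared size, checked before reading
                raise ArchiveLimitExceeded(f"{info.filename} is too large")
            with zf.open(info) as member:
                body = member.read(limit + 1)   # never read more than limit+1 bytes
            if zipfile.is_zipfile(io.BytesIO(body)):
                total += expanded_size(body, depth + 1, cache, limit)
            else:
                total += len(body)
            if total > limit:            # stop as soon as the budget is exceeded
                raise ArchiveLimitExceeded(f"expands past {limit} bytes")
    cache[key] = total
    return total

def build_nested_sample(layers, copies, leaf_bytes):
    """Constructed, small test input: nested zips of identical members."""
    data, name = b"\0" * leaf_bytes, "leaf.bin"
    for _ in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for i in range(copies):
                zf.writestr(f"{i}-{name}", data)
        data, name = buf.getvalue(), "inner.zip"
    return data

if __name__ == "__main__":
    sample = build_nested_sample(3, 4, 1024)
    print(len(sample), "bytes on disk ->", expanded_size(sample), "bytes expanded")
```

Because the nested members are byte-identical, each distinct archive is decompressed once and every repeat is a hash lookup, so the scanner's work grows with the number of distinct files rather than with the expanded size.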
This was an article to inform you on
another threat. Hope you liked it.
it's helpful 4 us