Zip Bomb: the Zip of Death

Posted by admin on Monday, October 5, 2009

A zip bomb, also known as a Zip of Death, is a type of denial of service attack. Specifically, it is a malicious file archive designed to crash or render useless the program or system that reads it. It is often employed to disable antivirus software.

Rather than hijacking the normal flow of control of the program, a zip bomb lets the program work as intended: the archive is carefully crafted so that unpacking it (e.g. by a virus scanner looking for viruses) requires enormous amounts of time, disk space, or memory.

A zip bomb is usually a small file (up to a few hundred kilobytes) for ease of transport and to avoid suspicion. However, when the file is opened, its own headers declare that its contents are inordinately large (e.g. terabytes), which the program or system reading it is not prepared to handle.

The term was apparently first coined in July 2001, but the same technique has been used on dialup bulletin board systems for at least as long as data compression and archiving programs have existed.

When antivirus software started to automatically check email attachments, crackers started to zip viruses into archives to avoid detection. Then antivirus software started to unzip and check email attachments. That gave crackers the idea to create zip bombs. A cracker would create, for example, a text file with the letter X repeated many millions of times. That produces a tiny archive but massive disk and memory usage when unzipped, somewhat like a DoS attack started from inside the computer, blowing it away. Thus, a zip bomb.

Zip bombs were initially intended to cause trouble for unsuspecting users who downloaded the file, to crash antivirus programs that scanned uploaded files, and to cause chaos in computer labs. Later, zip bombs were used to crash antivirus checkers on email systems, disabling them so that an infected file sent afterwards could get through.

Today, most antivirus programs can detect whether a file is a zip bomb and avoid triggering the bomb.

Usually, however, rather than letting mail through unchecked, the bomb effectively stopped mail to the target altogether, either because the AV software was laboriously checking the entire expanded file and queuing up mail behind it, or because the mail checker crashed outright.

One example of a zip bomb was the file "42.zip", which was itself only 42 kilobytes in size but contained five layers of nested zip files for a total of 4.5 PB of uncompressed data.

42 code:
http://www.unforgettable.dk/
