In computing, a zip bomb, also known as a decompression bomb or zip of death (ZOD), is a malicious archive file designed to crash or render useless the program or system reading it. The older the system or program, the less likely it is that the zip bomb will be detected. It is often employed to disable antivirus software, in order to create an opening for more traditional malware.[1]
A zip bomb does not hijack the program's operation. It lets the program run normally, but the archive is crafted so that unpacking it requires an excessive amount of time, disk space, or memory.[2]
Most modern antivirus programs can detect zip bombs and prevent the user from extracting anything from them.[3]
A zip bomb is usually a small file, for ease of transport and to avoid suspicion, but when it is unpacked its contents are more than the system can handle.
A famous example of a zip bomb is titled 42.zip, a zip file of unknown authorship[4] consisting of 42 kilobytes of compressed data. It contains five layers of nested zip files in sets of 16 (16^5 = 1,048,576 bottom-layer archives), each bottom-layer archive containing a 4.3-gigabyte (4,294,967,295 bytes; 4 GiB − 1 B) file, for a total of 4.5 petabytes (4,503,599,626,321,920 bytes; 4 PiB − 1 MiB) of uncompressed data.[5]
Many antivirus scanners descend only a few layers of recursion into nested archives, to help prevent attacks that would cause a buffer overflow, an out-of-memory condition, or an unacceptable amount of program execution time.[citation needed] Zip bombs often rely on repetition of identical files to achieve their extreme compression ratios. Dynamic programming methods can be employed to limit traversal of such files, so that only one copy is followed recursively at each level, effectively converting their exponential growth to linear.[5] A scanner can also compare the uncompressed sizes declared in an archive's central directory against its compressed size and refuse to inflate an entry whose ratio or cumulative output exceeds a limit; because those declared sizes are attacker-supplied, a hard cap on the bytes actually written during decompression remains the final safeguard.
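The two ideas above, a recursion limit and costing each distinct nested archive only once, can be shown on a miniature copy of the 42.zip layout. The following Python is an added example written for this article, not code from any antivirus product or from the author of 42.zip; the thresholds (MAX_DEPTH, MAX_RATIO, MAX_TOTAL_BYTES, MAX_NESTED_ARCHIVE) and the builder functions are assumptions chosen for illustration, and the nested archive it scans is constructed in memory. The scanner reads each member's declared size from the central directory, inflates only the first four bytes of a member to see whether it is itself a zip, and memoises subtrees by SHA-256 of their bytes, so a tree of fanout**levels identical archives is opened only `levels` times.

```python
import hashlib
import io
import zipfile

# Scanner limits. These numbers are assumptions chosen for illustration,
# not the thresholds of any particular antivirus product.
MAX_DEPTH = 4                      # nesting levels we are willing to descend
MAX_RATIO = 100.0                  # declared output bytes per stored byte
MAX_TOTAL_BYTES = 1 << 30          # 1 GiB of declared output for the whole tree
MAX_NESTED_ARCHIVE = 64 << 20      # refuse to inflate a nested zip bigger than this

ZIP_MAGIC = b"PK\x03\x04"          # local file header of a non-empty zip


def build_nested_bomb(levels: int, fanout: int, payload_size: int) -> bytes:
    """Build a small nested zip bomb in memory (constructed test input).

    The bottom archive holds one file of payload_size zero bytes; each of the
    `levels` outer layers holds `fanout` identical copies of the layer below,
    so the declared output is fanout**levels * payload_size. 42.zip has the
    same shape with levels=5, fanout=16 and a 4 GiB - 1 B payload.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.bin", b"\x00" * payload_size)
    inner = buf.getvalue()
    for level in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for i in range(fanout):
                zf.writestr(f"lvl{level}_{i}.zip", inner)
        inner = buf.getvalue()
    return inner


def build_plain_zip(files: dict) -> bytes:
    """Build an ordinary archive from {name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def scan(data: bytes, max_depth: int = MAX_DEPTH, max_ratio: float = MAX_RATIO,
         max_total: int = MAX_TOTAL_BYTES) -> dict:
    """Cost a zip tree without inflating the payloads.

    Sizes come from the central directory (ZipInfo.file_size), nested archives
    are descended only to max_depth, and each distinct archive (by SHA-256 of
    its bytes) is costed once and its subtree size reused for every copy.
    """
    seen = {}                                 # (sha256, depth) -> subtree bytes
    stats = {"declared_bytes": 0, "archives_opened": 0, "reasons": []}

    def walk(blob: bytes, depth: int) -> int:
        key = (hashlib.sha256(blob).hexdigest(), depth)
        if key in seen:                       # identical copy: reuse its cost
            return seen[key]
        stats["archives_opened"] += 1
        subtree = 0
        depth_flagged = False
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                subtree += info.file_size     # declared size, never inflated
                with zf.open(info) as fh:     # inflate only the first 4 bytes
                    if fh.read(4) != ZIP_MAGIC:
                        continue              # not a nested zip; stop here
                if depth >= max_depth:
                    if not depth_flagged:
                        stats["reasons"].append(f"depth limit reached at depth {depth}")
                        depth_flagged = True
                    continue
                if info.file_size > MAX_NESTED_ARCHIVE:
                    stats["reasons"].append(f"oversized nested zip {info.filename}")
                    continue
                subtree += walk(zf.read(info), depth + 1)
        ratio = subtree / max(len(blob), 1)
        if ratio > max_ratio:
            stats["reasons"].append(f"ratio {ratio:.0f}:1 at depth {depth}")
        seen[key] = subtree
        return subtree

    stats["declared_bytes"] = walk(data, 0)
    if stats["declared_bytes"] > max_total:
        stats["reasons"].append("total declared output exceeds limit")
    stats["verdict"] = "suspicious" if stats["reasons"] else "ok"
    return stats


if __name__ == "__main__":
    bomb = build_nested_bomb(levels=3, fanout=4, payload_size=1 << 20)
    print(len(bomb), "bytes on disk ->", scan(bomb))
    print(scan(build_plain_zip({"notes.txt": b"hello " * 20})))
```

On the three-level, fanout-4 bomb the scan reports about 64 MiB of declared output (4**3 copies of the 1 MiB payload) while opening only four archives, one per depth, which is the exponential-to-linear effect the text describes; each level is also flagged for a ratio of several hundred to one. Keying the memo on the CRC and size fields from the central directory instead of a hash of the bytes would avoid reading the nested members at all, but those fields are attacker-controlled, so hashing the actual bytes is the safer choice.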