Zip bomb , also known as the Archive of Death or English. decompression bomb is an archive file that by its nature has a destructive effect. Unpacking may cause system crash. Modern antiviruses fully recognize such files and warn the user about the destructive action.
Content
Algorithm
Externally, a similar file looks like a small archive. When unpacking, the same archive is unpacked. This file may pose a danger to antiviruses : in an attempt to unpack all archives, the antivirus can fill up all memory and find nothing.
Usage
In some cases, this way you can arrange a DoS attack on a system that processes archives without human intervention. So, messages between Fidonet nodes are sent in archives that the echo processor creates and unpacks; and on some services for exchanging files, the antivirus checks the files (for example, earlier such an attack was possible with Files@mail.ru , Yandex.People ).
Example
One 42.zip file, which occupies in compressed form 42 kilobytes (42.374 bytes ), with constant unpacking, until the data set reaches the upper unpacking limit of 4.3 gigabytes (4 294 967 295 bytes ), will occupy more than 4.5 petabytes in memory (4 503 599 626 321 920 bytes ) [1] .
Notes
- ↑ 42.zip