What is a Zip Bomb (aka Decompression Bomb)?


A "zip bomb" is a malicious archive file designed to crash, or render useless, the application or system that reads it. It is frequently used to disable antivirus software so that more traditional malware can get through. It is also known as a "decompression bomb."

  • A zip bomb lets a program run normally: instead of hijacking the program's operation, the attacker crafts an archive that takes a long time, a lot of disk space, or a lot of RAM to unpack.

  • A decompression bomb could be a zip file, a compressed installation file, or an executable application.

  • A zip file named "42.zip" is one of the most well-known zip bombs. The file is merely a few kilobytes in size, but when decompressed, it requires up to 4.5 petabytes of storage space.

Antivirus software frequently classifies a file as a decompression bomb when it is not. To establish whether a flagged file really is a zip bomb, users can Google the file name to see whether others have reported an issue with the same file. Most recent antivirus applications can tell if a file is a zip bomb and prevent it from being unpacked.

How Do Zip Bombs Work?

The classic decompression bomb is a small zip archive file, usually only kilobytes in size. However, when the file is unzipped, the contents are too much for the system to manage. Unpacking a normal zip bomb file can result in hundreds of terabytes of worthless data.

More advanced decompression bombs can expand to millions or even billions of gigabytes, that is, petabytes and exabytes. Instead of interfering with a program's usual operation, a decompression bomb allows it to function as intended.

Best Way to Remove a Zip Bomb

Users can use the Reimage computer repair tool or comparable applications to remove zip bombs from their PCs.

  • Reimage scans a computer for harmful files.

  • The decompression bomb file will be removed once the repair operation is completed.

  • Users should then restart their computers to complete the process, making sure the decompression bomb is no longer present.

Zip Bomb - Is It a Virus?

A decompression bomb is, without a doubt, a malicious archive file meant to crash the host system or render it unusable so that more typical viruses can do their damage.

  • A decompression bomb does not harm the system on its own, at least not in the sense that a regular computer virus does.

  • Rather than hijacking the program's normal operation, as most computer viruses do, a decompression bomb permits the system to do what it was designed to do. The only catch is that because the zip bomb contains so much compressed data, unpacking it takes an excessive amount of memory, disk space, and time.

  • Finally, zip bombs are bad for the system because they make a computer's 'environment' more favorable to classic virus attacks.

Opening a file classified as a decompression bomb will cause the system to hang immediately, eventually crashing and resulting in data loss.

How Can Zip Bombs Be a Major Threat?

Decompression bombs are frequently employed for nefarious purposes.

  • Threat actors utilize zip bombs to disable antivirus software on a computer. After deactivating the antivirus software, hackers can gain access to the system and infect it with additional software, such as viruses, spyware, and ransomware.

  • Zip bomb attacks mostly target virus scanners. Antivirus software examines the contents of compressed archive files to guarantee that no harmful software is there. However, because of the nature of zip bombs, the virus scanner may take days to scan one.

  • When scanning a recursive decompression bomb file, the virus scanner can even consume all system memory or crash. Other dangerous software can sneak in and infect the machine while the virus scanner is dealing with the decompression bomb.
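The limits a scanner or unpacker can enforce so that a recursive archive like the ones described above cannot exhaust memory or disk, shown as an added Python example that is not part of the original article. The thresholds and the names `scan`, `make_zip` and `SuspectedBomb` are assumptions chosen for illustration, and any archive passed to `make_zip` is a constructed sample.

```python
import io
import zipfile

MAX_TOTAL = 50 * 1024 * 1024  # assumed budget: total bytes unpacked, all levels
MAX_RATIO = 200               # assumed ceiling on declared unpacked/packed ratio
MAX_DEPTH = 3                 # assumed ceiling on archive-in-archive nesting
CHUNK = 64 * 1024


class SuspectedBomb(Exception):
    """The archive would exceed the unpacking budget."""


def scan(data, budget=None, depth=0):
    """Walk a zip held in `data`; return total bytes unpacked across all levels."""
    budget = budget if budget is not None else {"left": MAX_TOTAL}
    if depth > MAX_DEPTH:
        raise SuspectedBomb(f"nesting deeper than {MAX_DEPTH}")
    start = budget["left"]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        declared = sum(i.file_size for i in infos)
        packed = sum(i.compress_size for i in infos) or 1
        # Cheap pre-check on central-directory metadata before inflating anything.
        if declared > budget["left"] or declared / packed > MAX_RATIO:
            raise SuspectedBomb(f"declared {declared} bytes, ratio {declared // packed}:1")
        for info in infos:
            buf = bytearray()
            with zf.open(info) as member:
                # Do not trust declared sizes alone: count real output per chunk.
                while chunk := member.read(CHUNK):
                    budget["left"] -= len(chunk)
                    if budget["left"] < 0:
                        raise SuspectedBomb("unpacked data exceeds budget")
                    buf += chunk
            if zipfile.is_zipfile(io.BytesIO(buf)):
                scan(bytes(buf), budget, depth + 1)  # same budget, one level deeper
    return start - budget["left"]


def make_zip(members):
    """Build a constructed in-memory sample archive from {name: bytes}."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return bio.getvalue()
```

The byte budget is shared across every nesting level, so an archive that stays small at each individual layer is still stopped once the running total crosses the limit.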

Updated on: 09-Jun-2022
