What is a zip bomb, and how does it crash devices?

What is a zip bomb?

A zip bomb or a zip of death is a malicious file attempting to render devices unusable. The shown size for such zip files might be only a few kilobytes. However, compression algorithms let it contain data so large it can overwhelm hard drives. Wrecking the device operation might not be its only aim. Zip bombs could also attempt to halt antivirus programs and leave devices unprotected.

There can be a few types of zip bombs:

1. A recursive zip bomb. A recursive zip bomb has multiple nested archives that unfold one after another. The layers of recursion mean that one zip file can contain seemingly endless compressed files. Such attacks also feature zip quines, meaning archives have copies of themselves.
2. A non-recursive zip bomb. A non-recursive zip bomb is a more powerful attack, overlapping files within a zip file. Thus, the compression ratios are impressive, like a 46-megabyte file compressing 4.5 petabytes.

What happens if you open a zip bomb

Zip bombs disrupt device operation depending on how much time, disk space, and memory it requires. For example, a file consisting of petabytes of information is likely to be more devastating.

Zip bombing does not hijack devices. Instead, zip bombs work to overload a device with compressed data.

An example of what a zip bomb does

A zip bomb tries to crash devices or programs by consuming too many computational resources. The most notorious example of a zip bomb is the 42.zip file. You can find it on various websites and services.

It is a file of 42 kilobytes. However, it has 16 zipped files that have 16 zipped files. Those also have 16 zipped files that also contain 16 zipped files.

If you were to download 42.zip and unpack its 4.5 petabytes of data, your device would run out of space.

Are zip bombs dangerous?

If you only download a zip bomb, the file is usually safe. The key for the bomb to explode is that users must unpack it. The file will not cause damage if users do not unzip it.

A different scenario occurs if users unzip the enormous archives.

• Zip bombs can be dangerous since they trigger data loss or crash computers.
• However, they might be even more harmful if they create a distraction for malware or viruses to enter.
• Bombs can inflict timeouts on crucial programs like security software.

Luckily, most modern antivirus programs can detect zip bombs. Modern compression programs can also determine whether a zip file is harmful.

However, website owners should pay close attention to file uploads from users. Additional security measures are necessary if a website allows users to add zip files. Unprotected sites could suffer DoS (Denial of Service) attacks due to such bombs.

Zip bombs can be useful in cybersecurity

Multiple experts note the potential of zip bombs in cybersecurity fields. In fact, these attacks could work in favor of users and companies. It is possible to unleash a zip bomb on malicious bots trying to damage websites.

So, tech-savvy users can learn how to create zip bombs for legitimate purposes.

How to stay safe from zip bombs

A zip bomb is not a high-risk attack in most cases. However, it’s still important to preserve your device resources and protect data with these recommendations.

1. Do not unzip unknown zip files

You can avoid zip bombs by avoiding such files. However, that might be unrealistic as zip files are useful and have many legitimate uses. Thus, you need to follow other tips for using zip files safely.

2. Do not download files from unknown sources

The general rule is that zip files from unknown or suspicious sources might be unsafe. They could be malicious or wreck your system by exploiting too many resources.

3. Install modern antivirus programs

It could be that users will stumble upon a devious zip file. Therefore, it is helpful to have a solution to detect it. Modern antivirus tools can determine if a tiny zip file could contain petabytes of compressed data.