(also decompression bomb, zip of death)
A malicious compressed file designed to crash the system trying to unarchive it. It is typically used to overwhelm the device’s security mechanisms so they’re unable to detect actual malicious software entering the device. It can also be used to crash a system entirely because unpacking the archive takes up a lot of the device’s computing power and storage.
42.zip is the most famous zip bomb. The file takes up only 42 kilobytes when compressed. When unpacked, it explodes into 4.5 petabytes of data (that's 4,500,000 gigabytes). The file is so well known that it's no longer used for malicious purposes: modern antivirus software immediately recognizes it, and people can download it themselves for research.
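Because the harm comes from the unpacked size rather than the file on disk, a scanner or upload handler can bound what it is willing to decompress before it extracts anything. The sketch below is an added example, not code from any particular product; the function names and the three limits are assumptions, and it goes slightly beyond the text above by also following archives nested inside archives.

```python
import io
import zipfile

class ArchiveTooLarge(Exception):
    """The archive would exceed the configured unpacking limits."""

def checked_unpacked_size(data, max_bytes=10 * 2**20, max_ratio=100, max_depth=3, depth=0):
    """Return the bytes `data` unpacks to (nested zips included) or raise. Limits are assumed defaults."""
    if depth > max_depth:
        raise ArchiveTooLarge(f"nested more than {max_depth} levels deep")
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap checks on the sizes declared in the central directory.
            if info.file_size > max_bytes - total:
                raise ArchiveTooLarge(f"{info.filename}: declared size over budget")
            if info.file_size > max_ratio * max(info.compress_size, 1):
                raise ArchiveTooLarge(f"{info.filename}: ratio over {max_ratio}")
            # Decompress in chunks and count real output, so the budget is
            # enforced on actual bytes rather than on header values alone.
            buf = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    buf += chunk
                    if total + len(buf) > max_bytes:
                        raise ArchiveTooLarge(f"{info.filename}: output over budget")
            total += len(buf)
            # A member that is itself a zip is charged against the same budget.
            if zipfile.is_zipfile(io.BytesIO(buf)):
                total += checked_unpacked_size(bytes(buf), max_bytes - total,
                                               max_ratio, max_depth, depth + 1)
    return total

def make_zip(name, payload, method=zipfile.ZIP_DEFLATED):
    """Build a small in-memory zip (constructed sample input)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", method) as zf:
        zf.writestr(name, payload)
    return out.getvalue()

if __name__ == "__main__":
    report = make_zip("report.txt", b"quarterly report\n" * 20)
    padded = make_zip("zeros.bin", bytes(2**20))  # 1 MiB of zeros, tiny on disk
    print(checked_unpacked_size(report))
    try:
        checked_unpacked_size(padded)
    except ArchiveTooLarge as err:
        print("rejected:", err)
```

The ratio limit is the check most likely to need tuning, since legitimate logs and text exports can compress far better than mixed office documents.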