In 2001 reports about zip bombs, also called Zip of Death attacks, made the rounds on the Internet, and I thought it would be nice to write about one shiny, harmless example of the technique. At first glance the file 42.zip is a normal compressed file with a size of 42 Kilobytes. Many users who run a virus scanner will probably run into trouble just downloading the file to their computer, because the scanner tries to unpack the nested archives to inspect what is inside them.
It still looks like a normal 42 Kilobyte archive after the download, but the surprise begins when you try to unpack it. What its creators did was pack a 4.3 Gigabyte file consisting only of zeros, which compresses extremely well. The resulting archive was replicated 16 times and packed again, and that step was repeated until the archive was five layers deep. Or, to use their own words:
The file contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped files, which contain 1 file, with the size of 4.3GB.
Fully unpacked, the 42 Kilobyte file expands to 16^5 = 1,048,576 copies of the 4.3 Gigabyte file, about 4.5 Petabytes of uncompressed data, if your hard drive had enough space for it. It usually does not, so you either browse the nested archives in your archiver of choice without extracting them, or take the creator's word for what the website says is inside.
The zip file is password protected, probably so that antivirus programs cannot look inside it and flag it during the download.
Update: Most modern antivirus programs should detect the file these days and block it from being extracted on the system. If you want to test your antivirus solution, download the file, preferably on a test system or virtual machine, and try to extract it. Watch what happens and let us know how it turns out for you.