What is Zip Bomb or Zip of Death? - Technical Meaw

Sunday, May 6, 2018

What is Zip Bomb or Zip of Death?

        A zip bomb, also known as a Zip of Death, is a malicious archive file designed to crash or render useless the program or system reading it. It is often used by virus writers to disable antivirus software, so that a more traditional virus sent afterwards can get into the system undetected. A zip bomb is usually a small file (up to a few hundred kilobytes) for ease of transport and to avoid suspicion. However, when the file is unpacked, its contents are more than the system can handle.





What happens if you open a Zip Bomb?

        Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.
Most modern antivirus programs can detect whether a file is a zip bomb, to avoid unpacking it.

        42.zip is a zip bomb, also called a zip of death or decompression bomb; it goes by many names. 42.zip is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, in order to create an opening for more traditional viruses.
        It is a zip file consisting of 42 Kb of compressed data, containing five layers of nested zip files in sets of 16, each bottom layer archive containing a 4.3 Gb (4 294 967 295 bytes; ~ 3.99 Gb) file for a total of 4.5 Pb (4 503 599 626 321 920 bytes; ~ 3.99 Pb) of uncompressed data.
        This file is still available for download on various websites across the Internet. Many anti-virus scanners perform only a few layers of recursion on archives, to help prevent attacks that would cause a buffer overflow, an out-of-memory condition, or exceed an acceptable amount of program execution time. Zip bombs often (if not always) rely on repetition of identical files to achieve their extreme compression ratios. Dynamic programming methods can be employed to limit traversal of such files, so that only one file is followed recursively at each level, effectively converting their exponential growth to linear.
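
The layer limit and the one-file-per-level traversal described above can be sketched as a pre-scan check that sizes an archive before anything is unpacked to disk. This is an added example, not code from the original post; the `Scanner` class, its default limits and the small constructed sample archive are assumptions made for illustration.

```python
import io
import zipfile

class ArchiveRejected(Exception):
    """The archive exceeds the scan policy and should not be unpacked."""

class Scanner:
    def __init__(self, max_depth=5, max_bytes=1 << 30):  # assumed policy limits
        self.max_depth, self.max_bytes = max_depth, max_bytes
        self.memo = {}    # (crc32, size, compressed size) -> expanded size
        self.opened = 0   # archives actually parsed during this scan

    def expanded_size(self, data, depth=0):
        """Total bytes the archive expands to, nested zips included."""
        if depth > self.max_depth:
            raise ArchiveRejected("too many nested layers")
        self.opened += 1
        total = 0
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Identical members share a key, so each distinct file is
                # examined once. A production scanner would key on a strong hash.
                key = (info.CRC, info.file_size, info.compress_size)
                if key not in self.memo:
                    self.memo[key] = self._member_size(zf, info, depth)
                total += self.memo[key]
                if total > self.max_bytes:
                    raise ArchiveRejected("expanded size over budget")
        return total

    def _member_size(self, zf, info, depth):
        if info.file_size > self.max_bytes:
            raise ArchiveRejected("member larger than budget")
        with zf.open(info) as fh:
            head = fh.read(4)
            if head != b"PK\x03\x04":   # not a nested zip
                return info.file_size
            inner = head + fh.read(self.max_bytes)  # bounded by the check above
        return self.expanded_size(inner, depth + 1)

def make_sample():
    """Constructed test input: 3 layers, 4 identical copies each, 1 KiB leaf."""
    blob = b"\0" * 1024
    for layer in range(3):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for i in range(4):
                zf.writestr(f"copy{i}.bin", blob)
        blob = buf.getvalue()
    return blob
```

On the constructed sample the scanner parses 3 archives instead of the 21 a naive recursive walk would open, and it reports the full expanded size without writing any member to disk.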
