Zip File Bombs

mouser:
This is a cool and clever and nasty idea, especially with antivirus tools trying to automatically unpack zip files to analyze them. I hope they know to watch out for this.

--- Quote ---

In 2001 reports about Zip Bombs or Zip of Death attacks made the round on the Internet and I thought it would be nice to write about one shiny harmless example of that technique. On first glance the file 42.zip is a normal compressed file with the size of 42 Kilobytes. Many users who run a virus scanner will probably run into troubles downloading that file to their computer.

It still looks like a normal 42 Kilobyte archive after the download but the surprise begins when the user tries to unpack that file. What they did was basically pack a 4.3 Gigabyte file consisting only of zeros. That packed file was replicated 16 times and packed again, and again, and again, and again. Or, to use their own words:

The file contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped, which again contains 16 zipped files, which contain 1 file, with the size of 4.3GB.

--- End quote ---


http://www.ghacks.net/2008/07/27/42-kilobytes-unzipped-make-45-petabytes/
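
Added example, not part of the original thread or the quoted article: the kind of guard an automatic unpacker needs against the nested layout described above, walking archives in memory and stopping at limits on nesting depth, total expanded bytes and per-member compression ratio. The function names, the limit values and the sample archives are assumptions made for this illustration.

```python
import io
import zipfile

MAX_DEPTH = 3                # assumed limit: archive-inside-archive levels followed
MAX_TOTAL = 8 * 1024 * 1024  # assumed limit: bytes of expanded data per scan
MAX_RATIO = 100              # assumed limit: declared uncompressed/compressed size

class ArchiveRejected(Exception):
    """Raised as soon as any limit is exceeded."""

def scan_zip(data, budget, depth=0):
    """Walk a zip held in memory, charging every expanded byte to budget[0]."""
    if depth > MAX_DEPTH:
        raise ArchiveRejected("nested deeper than %d levels" % MAX_DEPTH)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Declared sizes first (cheap), then count the bytes actually produced.
            if info.file_size > budget[0]:
                raise ArchiveRejected("%s declares %d bytes" % (info.filename, info.file_size))
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected("%s exceeds ratio %d" % (info.filename, MAX_RATIO))
            buf = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveRejected("expanded data exceeds the budget")
                    buf += chunk
            if zipfile.is_zipfile(io.BytesIO(buf)):
                scan_zip(bytes(buf), budget, depth + 1)

def verdict(data):
    budget = [MAX_TOTAL]  # one budget shared by every nesting level
    try:
        scan_zip(data, budget)
        return "ok, %d bytes expanded" % (MAX_TOTAL - budget[0])
    except ArchiveRejected as exc:
        return "rejected: %s" % exc

def make_zip(members):  # helper for the constructed samples: {name: bytes} -> zip
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return out.getvalue()

# Constructed samples: an ordinary archive and a small, harmless nested one.
ORDINARY = make_zip({"readme.txt": b"hello world\n" * 20, "inner.zip": make_zip({"a.txt": b"abc"})})
NESTED = make_zip({"l1.zip": make_zip({"l0.zip": make_zip({"zeros.bin": bytes(1 << 20)})})})
```

The budget is shared across all levels because the multiplication in a nested archive comes from the layers together, not from any single member.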




Josh:
Wow, that's just evil. I have to sit back and stare in awe that this is happening. It's a fantastic idea.

yotta:
wow ;D, we have to make one of them!

kartal:
uhmm, reminds me of the number "42" from The Hitchhiker's Guide to the Galaxy from Douglas Adams.

nosh:
Hah! :P
