What is a Zip Bomb and How Does it Work?

A Zip Bomb is a malicious archive whose aim is to exhaust the resources of the system that unpacks it, and in some cases to carry data-damaging or data-stealing malware along with it. It belongs to the same family of threats as computer viruses and Denial of Service (DoS) attacks, and it is usually delivered through the same channels, such as email attachments and file uploads.

What is a Zip Bomb?

As the name suggests, a Zip Bomb is an ordinary-looking Zip archive whose purpose is to overwhelm whatever unpacks it. Because the contents are compressed, the file looks small and harmless, but when it is decompressed it expands into an enormous amount of data that fills the disk and consumes memory and CPU time. Historically the favourite target has been antivirus scanners and other services that unpack untrusted archives automatically. Some attackers also place real malware inside such an archive, so that a successful extraction not only overflows the drive but also delivers a payload that damages or steals data.

A Zip Bomb is also known as a decompression bomb. Many of them are built from several layers of compressed files nested inside each other: decompressing the outer layer produces more archives, and unpacking all of them amounts to a DoS attack against the machine or the scanning service doing the work, which slows to a crawl or crashes.

Types of Zip Bombs

There are two categories of Zip Bombs. They are as follows:

Recursive Zip Bombs

As the name suggests, this kind of bomb relies on nesting: the archive contains archives, which contain further archives, and a tool that extracts recursively keeps unpacking layer after layer. The most famous example is 42.zip. It is only about 42 KB on disk, but it contains 16 archives, each containing 16 more, five levels deep, with a 4.3 GB file at the bottom of every branch; fully unpacked it occupies about 4.5 petabytes. A related construction is the zip quine, an archive that contains a copy of itself, so that a recursive extractor never finishes at all.

Non-Recursive Zip Bombs

Here the expansion comes from a single layer: one or a few members with an extreme compression ratio, rather than archives inside archives. It is also known as a simple or basic zip bomb. The DEFLATE method that Zip normally uses cannot compress better than roughly 1032 to 1, so a plain single-layer bomb is bounded by that ratio; more advanced non-recursive bombs get around the limit by overlapping file entries so that many central-directory records point at the same compressed data, which every extractor then inflates separately. Because nothing is nested, an extractor that simply refuses to recurse into inner archives is no defence against this kind.

How Does Zip Bomb Work?

Attackers usually use this weapon to take down the victim's system or the service that scans the victim's files. The steps to launch a zip bomb attack are as follows:

  • The attacker creates a file filled with useless, highly repetitive data, typically nothing but zero bytes, because that is what compresses best.
  • The attacker compresses the file, and optionally wraps the result in further archives, layer after layer. The resulting small archive is the zip bomb.
  • The attacker sends the archive to the target through any communication medium. The most commonly used medium is email, either as an attachment or as an upload to a service that unpacks files automatically.
  • When the recipient, their antivirus, or the receiving service decompresses the file, the output grows to many times the archive's size; the disk fills, memory and CPU are consumed, and any malware hidden in the archive is dropped onto the machine.

Potential Impact and Risks of Zip Bomb Attacks

There are many risks associated with Zip Bomb Attacks. Some of them are as follows:

System Crashing

Since a zip bomb expands to many times its stored size when extracted, it can fill the disk and exhaust memory, which slows the system down or crashes the process doing the extraction.

CPU and memory exhaustion

Inflating gigabytes of data is not free: the decompression loop occupies the CPU for as long as it runs and the output has to be buffered or written somewhere, so other tasks are starved of processing time, memory and disk while the bomb is being unpacked.

Data Loss

Attackers sometimes use zip bombs as a carrier for real malware. The oversized archive is meant to defeat the scanner, and the malware hidden inside it can then delete, corrupt or exfiltrate data once it has been extracted.

Denial of Service Attacks

Zip bombs are most effective as a DoS tool against services that decompress untrusted input automatically, such as mail gateways, antivirus scanners, upload handlers and web servers that accept compressed request bodies. A few kilobytes submitted to such a service can tie up its disk, memory and CPU for a long time, so legitimate users are denied the service.

Protecting Against Zip Bomb Attacks

There are various techniques to tackle Zip Bombs. Some of them are as follows:

  • Keep antivirus software up to date: Some old antivirus products cannot recognise zip bombs, or can be taken down by one. It is highly recommended to use the latest version.
  • Do not download unknown attachments: Before downloading attachments from an unfamiliar website, make sure the website is what it claims to be.
  • Do not click on spam mail: Spam mail is unsolicited junk mail sent to a large number of users by the attacker. Some of these mails carry attachments, and an attachment may be a zip bomb. So do not open anything from spam.
  • Use email filtering: Use email filtering to filter out unnecessary emails or spam. For instance, Gmail warns the recipient when a message comes from a sender it could not authenticate.
  • Limit what extraction is allowed to do: Any program that unpacks untrusted archives should read the declared sizes in the central directory before inflating anything, reject archives whose declared size or compression ratio is implausible, cap the number of bytes actually produced during extraction, and either refuse nested archives or recurse only to a small fixed depth. Declared sizes are written by the attacker and can be forged, so the cap on real output is the check that counts.
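The following Python script is an added example, not code from the original article. It builds a miniature non-recursive bomb and a miniature recursive bomb of the kind described in the Types and How Does Zip Bomb Work sections, then applies the checks just listed: a central-directory inspection that runs before any inflation, and a byte budget enforced on the real output during extraction. The archive sizes, member names, the 256 MiB and 100:1 thresholds and the small benign archive are all choices made for the example; nothing here is specific to 42.zip, it only copies its layout at a much smaller scale.

```python
import io
import zipfile

MIB = 1 << 20
ZIP_MAGIC = b"PK\x03\x04"  # local file header signature at the start of every ZIP


def make_flat_bomb(size_mib: int) -> bytes:
    """Non-recursive bomb: one DEFLATE member holding size_mib MiB of zero bytes.
    The member is streamed in 1 MiB chunks so the zeros are never held in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        with zf.open("payload.bin", "w") as member:
            for _ in range(size_mib):
                member.write(bytes(MIB))
    return buf.getvalue()


def make_nested_bomb(inner: bytes, copies: int, depth: int) -> bytes:
    """Recursive bomb: wrap `inner` in `depth` layers, each holding `copies` identical
    members. This is the 42.zip layout in miniature (42.zip uses 16 copies, 5 layers)."""
    data = inner
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for i in range(copies):
                zf.writestr(f"layer{level}_{i}.zip", data)
        data = buf.getvalue()
    return data


def make_benign_archive() -> bytes:
    """Ordinary archive (constructed sample) to show that the checks pass on normal input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "quarterly report, see notes.csv\n")
        zf.writestr("notes.csv", "id,value\n1,10\n2,20\n")
    return buf.getvalue()


def inspect_archive(data: bytes, max_total: int = 256 * MIB, max_ratio: float = 100.0) -> dict:
    """Decide from the central directory, before inflating anything, whether extraction
    is allowed. Declared sizes are attacker-controlled, so this is a cheap first gate."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        declared = sum(i.file_size for i in infos)
        stored = sum(i.compress_size for i in infos) or 1
        nested = 0
        for info in infos:
            with zf.open(info) as member:  # inflates only the first 4 bytes of each member
                if member.read(4) == ZIP_MAGIC:
                    nested += 1
    ratio = declared / stored
    return {
        "declared_size": declared,
        "ratio": round(ratio, 1),
        "nested_archives": nested,
        # inner archives are not part of `declared`; they need their own inspection
        "safe": declared <= max_total and ratio <= max_ratio and nested == 0,
    }


def extract_with_budget(data: bytes, budget: int) -> int:
    """Inflate every member while counting the bytes that actually come out, and abort
    as soon as the budget is exceeded. The limit is enforced on real output, not on
    header values, so it holds whatever the central directory claims."""
    produced = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                while True:
                    chunk = member.read(MIB)
                    if not chunk:
                        break
                    produced += len(chunk)
                    if produced > budget:
                        raise ValueError(f"decompression bomb: output exceeded {budget} bytes")
    return produced


if __name__ == "__main__":
    flat = make_flat_bomb(64)
    print(f"flat bomb: {len(flat)} bytes on disk ->", inspect_archive(flat))
    nested = make_nested_bomb(flat, copies=4, depth=3)
    print(f"nested bomb: {len(nested)} bytes on disk ->", inspect_archive(nested))
    print("benign:", inspect_archive(make_benign_archive()))
```

The flat bomb comes out at roughly a thousand to one, close to the DEFLATE ceiling, and is rejected on ratio alone. The nested bomb's central directory only describes its outermost layer, which is why the inspector reports inner archives separately instead of trusting the declared total; a scanner that wants to go deeper should inspect each inner archive the same way, with a fixed depth limit. The budgeted extraction is the backstop for the case where a header lies.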

Zip Compression Methods

A Zip file is a container that holds many files, each compressed independently with a method recorded in its own header, so that large amounts of data can be stored and transferred more cheaply. Some popular compression algorithms are as follows:

  • Lempel–Ziv–Welch (LZW): A popular lossless dictionary-based algorithm, used for example in GIF images and the Unix compress tool. It reads the input as strings, looks up the longest prefix already in its dictionary, emits that dictionary index, and adds the prefix plus the next character as a new entry.
  • LZ77: One of the earliest dictionary coders, published in 1977. It scans the input through a sliding window and replaces data that repeats an earlier sequence with a (distance, length) reference back to it, which is how a long run of zeros collapses to a handful of references.
  • Lempel–Ziv–Markov chain algorithm (LZMA): A lossless algorithm used by 7-Zip and xz. It combines LZ77-style matching over a very large window with a range coder whose probability models are driven by the surrounding context, which is where the Markov chain in the name comes from.
  • Deflate: The default method for Zip members, also used by gzip and PNG. It is LZ77 matching followed by Huffman coding of the literals, lengths and distances. A single match covers at most 258 bytes and can be coded in as few as two bits, which is why a DEFLATE stream cannot beat a ratio of roughly 1032 to 1 and why 42.zip has to nest layer inside layer to reach petabytes.
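To make the Deflate limit concrete, here is an added example (not from the original article) that measures the ratio zlib reaches on a run of zeros and then shows what happens when the compressed stream is compressed again, which is the mechanism a recursive bomb stacks layer on layer. The 4 MiB input size and the three-layer count are arbitrary choices for the demonstration.

```python
import zlib

MIB = 1 << 20


def deflate_zeros(n_bytes: int) -> bytes:
    """Compress a run of n_bytes zero bytes once with zlib (DEFLATE) at maximum effort."""
    return zlib.compress(bytes(n_bytes), 9)


def deflate_ratio(n_bytes: int) -> float:
    """Ratio of a single DEFLATE pass over zeros. It approaches the format's ceiling of
    about 1032:1 (a 258-byte match in as little as 2 bits) as the input grows, but
    can never exceed it: one layer alone cannot turn kilobytes into petabytes."""
    return n_bytes / len(deflate_zeros(n_bytes))


def layered_stream(n_bytes: int, layers: int) -> bytes:
    """Compress zeros, then compress the compressed stream again, `layers` passes in total.
    The first pass emits a short repeating bit pattern, so later passes shrink it further."""
    stream = bytes(n_bytes)
    for _ in range(layers):
        stream = zlib.compress(stream, 9)
    return stream


def layered_ratio(n_bytes: int, layers: int) -> float:
    """Overall ratio after `layers` passes, i.e. the multiplier a recursive bomb enjoys."""
    return n_bytes / len(layered_stream(n_bytes, layers))


def inflate_layers(stream: bytes, layers: int) -> int:
    """Undo `layers` passes and return the final size. Each pass materialises the whole
    intermediate result, which is exactly the cost the victim's extractor pays."""
    for _ in range(layers):
        stream = zlib.decompress(stream)
    return len(stream)


if __name__ == "__main__":
    size = 4 * MIB
    print(f"one pass    : {deflate_ratio(size):,.0f}:1 ({len(deflate_zeros(size))} bytes)")
    print(f"three passes: {layered_ratio(size, 3):,.0f}:1 ({len(layered_stream(size, 3))} bytes)")
```

One pass lands just under the 1032:1 ceiling; the second pass compresses the first pass's output almost to nothing, so the combined ratio jumps by orders of magnitude even though no individual pass broke the limit.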

Conclusion

Zip bombs can also be a vehicle for social engineering: the victim has to be persuaded to open the attachment, or a service has to be tricked into unpacking it. Hence it is strongly recommended to use an up-to-date antivirus, not to open unknown attachments, and to put size and ratio limits on any automated decompression.

What is a Zip Bomb and How Does it Work? -FAQs

Is zip bomb malware?

Yes, a zip bomb is considered a malicious file. Its aim is to eat up all available disk, memory and CPU, and sometimes to deliver malware that damages data. It uses ordinary compression algorithms on deliberately repetitive content, so that when it is decompressed it uses up all the available space.

Explain 42.zip

42.zip is the most popular zip bomb. The archive itself is about 42 KB, but when all of its nested layers are decompressed, the files occupy about 4.5 petabytes of storage space.

Can we incorporate ML and AI to prevent Zip Bomb attacks?

Yes, machine learning models can be trained to classify archives as zip bombs or not, given a large enough collection of known bombs and benign archives. For this particular threat, though, a deterministic check is usually simpler and more reliable: the declared sizes, the compression ratio, and the nesting depth are all visible in the archive's headers, and a hard cap on the bytes actually produced during extraction stops a bomb regardless of what any classifier says.