Imagine you’re surfing the internet, and suddenly, your internet browser grinds to a halt and won’t load any pages, even though you have a strong internet connection. You could be the victim of a zip bomb, also called a decompression bomb or encoding bomb.
Hence, you need to learn what zip bombs are and what measures to take to protect yourself from this malicious attack.
What Are Zip Bombs?
A zip bomb, jokingly referred to as the zip of death, is a large compressed file often sent by malicious entities to overwhelm your system or a specific program once you open it. It is common for these bombs to contain malware and viruses.
A zip bomb on your device is not harmful until you open it. Emails are one of the most common ways people receive zip bombs. These bombs can also accompany downloads from unsecured sites.
You should not confuse a zip bomb with a regular ZIP file. Although they are zip bombs, not all zip bombs are ZIP files. A zip bomb can be a program (such as .exe files) or a compressed installation file, not necessarily a ZIP file.
How Do Zip Bombs Work?
Zip bombs, at first glance, appear to be only tiny files of a few kilobytes, like a typical archive file. However, once you open them, they reveal their humongous sizes, which can be exabytes or petabytes large. That’s several million gigabytes of meaningless, nonsensical text or media crammed into one compressed file!
A zip bomb is usually employed as the first stage in a malware attack and sent as a ruse to distract from the main goal, which is usually to introduce malware or steal and alter the data on the system. This goal is completed when other malicious software gain access to your personal computer and infect it while your antivirus is grappling with the zip bomb.
Types of Zip Bombs
Decompression bombs differ slightly in their composition and, consequently, their attack methods. Some consist of files nestled inside each other, like nesting dolls, while others are like overlapping sheets glued and compressed many times over. However, they all have the singular motive of causing your system and antivirus application to crash.
1. Recursive Zip Bombs
Recursive zip bombs are so-called because they exist as a unit of multiple large files nestled in one another. Upon opening it, the files pop open, one after the other, causing a seemingly endless string of mostly repetitive or recurring data.
One famous example of a recursive zip bomb is the inauspicious ‘42.zip’ file, which appears to be a harmless tiny file of only about 42 kilobytes. This file explodes to about 4.5 petabytes once opened or uncompressed. Even the best PCs will be intensely overwhelmed.
2. Non-Recursive Zip Bombs
Non-recursive zip bombs are compressed, so they take only one round of decompression to unravel the baggage of junk hiding within. These can be slightly more dangerous than recursive zip bombs, as they are less likely to be picked up by antivirus software. Most antivirus applications spot zip bombs by looking for overlapping recursive files, which a non-recursive zip bomb does not have.
How to Find a Zip Bomb
It is difficult to distinguish between a regular ZIP archive file and a zip bomb at a cursory glance. They are both small-sized, appear to occupy no space, and need decompression to be viewed.
However, with modern antivirus software applications, overlapping files of recursive data can be identified for deletion.
How to Get Rid of a Zip Bomb
In the unfortunate event that your device gets hit with a zip bomb, you might have to return your device to factory settings, especially if you have attempted to open or unzip the zip bomb. You can also enlist the use of applications such as the reimage repair tool, which can scan and remove zip bombs. All you would need to do is to restart your system, and the bomb would be all gone.
How to Protect Yourself from a Zip Bomb
Although zip bombs can be employed as a defense, they are mostly weaponized and used to attack unsuspecting users. Some smart website developers, in recent times, have used a zip bomb against hackers trying to gain access to their sites, but this only accounts for a small percentage of zip bomb attacks.
Most attacks are from malicious entities, and you need to protect yourself from the effects of a decompression bomb. Here are some ways you can:
Get Authentic Antivirus Software
Most modern antivirus software are usually able to detect the presence of a probable zip bomb. They do this by scanning for overlapping recursive files. Once any is found, an alert is often sent out to ensure you avoid accidentally opening the recursive data bundled up in the file.
If you receive an alert from your antivirus application about a suspected zip bomb, delete it without opening it as soon as possible. Also, ensure you use authentic antivirus software on your device, as substandard ones may have trouble properly detecting or identifying a zip bomb.
Only Interact with Reputable Sites
Countless sites on the internet are not secure. Avoid downloading files from sites where you can not ascertain their verity or security.
You might sometimes find that you’ve received an email from a strange address bearing an attachment. It could be spam or, worse, a zip bomb in disguise. If you open it, you risk crashing your system or triggering a denial of service attack.
If you see a suspicious file in an email from an untrusted site or unfamiliar email address, delete it without opening it. Instead, flag the email as spam and delete it immediately. Take extra caution when it is a ZIP file.
Hunker Down in Your Zip Bomb Bunker
Learning about zip bombs, how they work, and, most importantly, how to protect yourself is the equivalent of building a bunker to protect yourself from a zip bomb airstrike. Apply this knowledge, and you will identify and sidestep zip bombs, no matter their format.