It is possible to create a ‘zip bomb’, a small zip file that contains multiple layers of nested zip archives. It is malicious by nature, since the final unzipped data can be several orders of magnitude larger than the zipped file.
Once unzipped, zip bombs can render the machine unresponsive and unavailable. Now, a researcher named David Fifield has developed the most dangerous zip bomb ever; it can cause a 46MB base file to expand into 4.5 petabytes of data.
To give you some perspective, 10 billion photos on Facebook are equivalent to 1.5PB. This means Fifield managed to cram the equivalent of 30 billion Facebook photos into a tiny 46MB file.
How is this Zip Bomb created?
Fifield’s zip bomb is an improvement over existing zip bombs in that it doesn’t rely on recursion to achieve its compression. He figured out how to “overlap” files inside a zip archive, which allowed him to achieve compression ratios far greater than those of a traditional archive.
The zip bomb uses the Zip64 extension to remove the zip format’s 281TB output limit. Even though Zip64 is popular, it is not supported everywhere the base zip format is, so Fifield’s zip bomb may not affect some programs.
“It works by overlapping files inside the zip container, in order to reference a ‘kernel’ of highly compressed data in multiple files, without making multiple copies of it. The zip bomb’s output size grows quadratically in the input size; i.e., the compression ratio gets better as the bomb gets bigger,” writes Fifield in his blog.
Since Fifield’s method isn’t based on recursion, it can evade antivirus software that can detect more traditional zip bombs — making it dangerous.
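Because the trick is overlapping entries rather than nesting, a scanner can catch it from the archive's metadata alone, before extracting anything. The following check is an added example, not code from Fifield or from any antivirus product; the function names and the max_ratio threshold of 1000 are assumptions chosen for illustration.

```python
import io
import struct
import zipfile

# Fixed 30-byte local file header: signature, 5 shorts, 3 longs, name/extra lengths.
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")

def entry_spans(data):
    """Return (name, start, end) byte ranges each entry claims inside the archive."""
    spans = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            fields = LOCAL_HEADER.unpack_from(data, info.header_offset)
            if fields[0] != b"PK\x03\x04":
                raise ValueError(f"bad local header for {info.filename!r}")
            # Header plus variable-length name/extra, then the compressed data.
            end = (info.header_offset + LOCAL_HEADER.size
                   + fields[9] + fields[10] + info.compress_size)
            spans.append((info.filename, info.header_offset, end))
    return spans

def find_overlaps(spans):
    """Return (earlier, later) name pairs whose byte ranges intersect."""
    overlaps, furthest = [], None
    for span in sorted(spans, key=lambda s: s[1]):
        if furthest is not None and span[1] < furthest[2]:
            overlaps.append((furthest[0], span[0]))
        if furthest is None or span[2] > furthest[2]:
            furthest = span  # entry reaching furthest into the file so far
    return overlaps

def inspect_archive(data, max_ratio=1000):
    """Decide from metadata only whether the archive should be rejected."""
    overlaps = find_overlaps(entry_spans(data))
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        declared = sum(info.file_size for info in zf.infolist())
    ratio = declared / len(data)  # declared output size vs. archive size
    return {"overlaps": overlaps, "ratio": ratio,
            "reject": bool(overlaps) or ratio > max_ratio}

def benign_sample():
    """Constructed sample: an ordinary two-file archive with no overlap."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a.txt", "hello")
        zf.writestr("b.txt", "world")
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_archive(benign_sample()))
```

In a well-formed archive every entry's range ends before the next one starts, so any pair returned by find_overlaps is grounds to refuse extraction. The ratio test is a second, independent signal, because the sizes declared in the central directory can themselves be false.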
This is why one should avoid downloading and opening suspicious files. You’d think that this is common knowledge, but the fact is that a lot of people fall victim to such malicious files.