What is a zip bomb?
A zip bomb, also known as a zip of death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, in order to create an opening for more traditional viruses.
The term "ZIP bomb" refers to nested ZIP archives that, when unzipped, decompress to huge files that the victim's computer cannot process in its memory or cannot store on disk.
For example, a 4.5 petabyte file containing only zeroes can be easily compressed to 42 kilobytes because the ZIP compression system can handle repetitive data extremely well.
ZIP bombs used in the past to crash antiviruses
ZIP bombs have been used over the past decades as a way to crash antivirus software, which is configured to scan ZIP files by decompressing them and looking at their content.
While antivirus clients have gained protection against ZIP bombs, other software, such as web browsers and vulnerability scanners like Nikto, SQLMap, or others, has not.
Austrian tech expert Christian Haschek has put together two PHP scripts that will scan for particular user-agent strings and deliver ZIP bombs to vulnerability scanners or web browsers trying to access secure or private web pages (such as admin panels, backends, or pages with login forms).
These scripts will replace the normal page hackers would expect to find with a ZIP bomb. Once their clients receive the ZIP bomb, they'll try to process the data and crash the attacker's software.
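
Software that has to open archives it does not trust can protect itself by capping what decompression is allowed to produce. The following Python check is an added example, not code from this article or from Christian Haschek's scripts. It rejects an archive by declared compression ratio, by bytes actually decompressed, and by nesting depth. The limits and the names `scan_zip`, `make_zip` and `ArchiveRejected` are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed limits for illustration; tune them for the application.
MAX_TOTAL_BYTES = 10 * 1024 * 1024  # decompressed bytes per archive, nested members included
MAX_RATIO = 100                     # uncompressed/compressed ceiling per member
MAX_DEPTH = 2                       # levels of archive-inside-archive allowed


class ArchiveRejected(Exception):
    """Raised when an archive exceeds one of the limits above."""


def scan_zip(data, depth=0, used=None):
    """Read every member of an in-memory ZIP; return total bytes or raise ArchiveRejected."""
    used = [0] if used is None else used  # counter shared with nested archives
    if depth > MAX_DEPTH:
        raise ArchiveRejected("nesting too deep")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap pre-check on the sizes recorded in the archive, before decompressing.
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: compression ratio too high")
            # Enforced check: count bytes as they are actually produced.
            buf = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(65536):
                    used[0] += len(chunk)
                    if used[0] > MAX_TOTAL_BYTES:
                        raise ArchiveRejected("decompressed size budget exceeded")
                    buf += chunk
            if zipfile.is_zipfile(io.BytesIO(buf)):
                scan_zip(bytes(buf), depth + 1, used)
    return used[0]


def make_zip(name, payload, method=zipfile.ZIP_STORED):
    """Build a small in-memory ZIP (constructed sample input)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", method) as zf:
        zf.writestr(name, payload)
    return out.getvalue()


if __name__ == "__main__":
    print(scan_zip(make_zip("notes.txt", b"quarterly report\n" * 10)))  # small text file passes
    try:  # 1 MiB of zeroes deflates to about 1 KiB, far above MAX_RATIO
        scan_zip(make_zip("zeros.bin", bytes(1024 * 1024), zipfile.ZIP_DEFLATED))
    except ArchiveRejected as exc:
        print("rejected:", exc)
```

The byte counter is shared across nested archives, so splitting the payload over several layers does not get around the budget.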
