Programmer and engineer David Fifield introduced a new Zip-bomb, which can turn into a 4.5 petabyte from a 46 MB file.
Files of this type are also known as «decompression bomb».
“The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers”, — argues David Fifield.
Fifield’s innovation lies in the fact that he found a way to overlap files inside the Zip archive, which allowed a significant increase in the compression ratio to unprecedented sizes.
As the expert notes, his success is explained by an alternative method for processing Cyclic Redundant Code (CRC).
All who is interested David suggests studying the source code that can be found by this link.
Usually, archival bombs are used in destructive attacks, where the attackers’ purpose is to cause malfunction of the system or lead to its complete inoperability.
Reference:
A Zip Bomb, also known as a zip of death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software to create an opening for more traditional viruses.
