Zip Bombs

2010-05-23

A Zipbomb, or “Zip of Death”, is a compressed file designed to jam the system that tries to unzip it. Instead of infecting the system with malicious code, a Zipbomb makes the system that extracts it consume huge amounts of resources such as CPU, memory or disk space. A simple variation is a large file that contains only zeros. With the more intelligent compression methods, such a file becomes very small, around a few kilobytes. Spam filters on mail servers are a common target for this type of attack, as they often want to check the contents of attached files. A small zip-compressed file of about one megabyte seems innocent, but it may contain around one gigabyte of data when unpacked. The aim is to make the spam filter waste enormous resources unpacking huge amounts of zeros. Today’s spam filters are, however, intelligent enough to detect this type of attack.
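One way a filter can detect such an attachment before unpacking it, as an added example that is not part of the original post: it compares the sizes declared in the archive with the archive's own size, then counts the bytes actually produced while streaming. The limits, function names and sample archives are assumptions constructed for the illustration.

```python
import io
import zipfile

# Assumed policy limits for an attachment scanner; tune for your system.
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # most data we agree to unpack per archive
MAX_RATIO = 100                      # unpacked size / archive size
CHUNK = 64 * 1024


def make_zip(name, payload):
    """Build a small in-memory archive (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def scan_zip(data, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Return (ok, reason). Extracted data is counted, never written to disk."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return False, "not a valid zip archive"
    with zf:
        infos = zf.infolist()
        # 1. Cheap check: sizes declared in the central directory.
        declared = sum(i.file_size for i in infos)
        if declared > max_total:
            return False, f"declared size {declared} exceeds limit"
        if declared / len(data) > max_ratio:
            return False, f"ratio {declared // len(data)}:1 exceeds limit"
        # 2. Declared sizes come from the sender, so count real output too.
        total = 0
        for info in infos:
            try:
                with zf.open(info) as member:
                    while chunk := member.read(CHUNK):
                        total += len(chunk)
                        if total > max_total:
                            return False, "unpacked data exceeds limit"
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile) as exc:
                return False, f"cannot inspect {info.filename!r}: {exc}"
    return True, f"{total} bytes unpacked"


if __name__ == "__main__":
    zeros = make_zip("zeros.bin", bytes(5 * 1024 * 1024))   # 5 MiB of zeros
    print(len(zeros), scan_zip(zeros))
    print(scan_zip(make_zip("note.txt", b"hello world\n" * 10)))
```

The scan covers one level only; an archive that contains further archives needs the same limits applied to each nested level, with a cap on depth.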

Below are some ready-made files that can be mailed. This should be done only for experimental purposes.

Zipbombs (.zip)