Cyber Security Alert: Beware of Zip Bomb Attacks!

Summary: This 3-minute article explains the cyber security threat posed by zip bombs. Learn how to protect your computer system from a zip bomb attack. Contact DIGIGUARD CYBER SECURITY at 833-33-CYBER (833-332-9237) or visit www.DIGIGUARDsecurity.com for a cyber risk analysis and to discuss the best methods to protect your business from cyberattacks.

What Is a Zip Bomb?

Zip bombs have been around since the late 1990s. They rise and fall out of popularity in the cybercrime world. However, many users have not heard of them and know nothing about zip file security. Wikipedia (https://en.wikipedia.org/wiki/Zip_bomb) states, “In computing, a zip bomb, also known as a decompression bomb or zip of death, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software in order to create an opening for more traditional malware.”

Most computer users have created or opened zip files (compressed files), which are made smaller for ease of storage and file sharing. However, hackers have learned to apply the same compression principles in crafting zip bombs that appear to be small files but, when opened, become thousands of times larger than the compressed files.

Zip bomb downloads can seem small and benign until they are unpacked. In one well-known experiment, a programmer created a zip bomb compressed to 46 MB that, when downloaded and opened, unzipped into a 4.5 PB file (over 1 billion MB). Data files of that magnitude will overpower most computers' RAM and storage memory solely due to their size.

Therefore, zip bombs are a form of DoS attack (Denial of Service) in that they can stop all computer functions. Imagine the far-reaching, destructive power of a zip bomb loaded with more data than your computer can handle and a payload of malicious software. To make things even more confusing, zip bombs are not always ZIP files. Instead, they can be compressed programs or installation files, which often makes it harder for users to detect them before opening them.

A zip bomb can be the launch point for a malware attack targeting your entire computer system. Although your antivirus software might detect and engage the zip bomb, it is distracted from addressing other malicious software already infecting your computer. To become more prepared to avoid zip bomb threats, it is essential to learn about the different forms they might take.

There are two main types of zip bombs:

How to Spot a Zip Bomb Attack

Recursive zip bombs can be detected by most premium antivirus software. The antivirus program can identify overlapping recursive files and alert the user without opening them. However, non-recursive bombs are much more challenging to detect. Fortunately, zip bombs are not very common. In the case of non-recursive zip bombs, user cyber security best practices and training are crucial to avoiding an attack:

Setting File Size Thresholds

Robust antivirus and compression software can reduce the risk of a decompression bomb denial of service by setting file size thresholds. Creating a specific limit for the maximum file download size that is low enough to keep your system from overloading is the best way to avoid a system crash caused by a zip bomb. In addition, setting file size limits is an automatic failsafe to stop such an attack before your computer’s resources are overwhelmed.

More than ever, users are the front lines of protection for your SMB’s computer system and network. Codifying and training your employees in comprehensive cyber security best practices for your business will be time and money well spent in securing your hard-earned data and keeping your business efficient and fully operational.