What Is A Decompression Bomb And How Does It Work?

A decompression bomb is a malicious archive file that contains a lot of repeated data. This data can crash the program reading it, which is why it’s also known as the ‘zip of death’. A computer virus is a type of malware program that attaches itself to an executable program or a file and subsequently travels through other programs and files, infecting files in its wake.

What Is A Decompression Bomb?

A decompression bomb or zip bomb is a malicious archive file that contains a lot of repeated data that can crash the program reading it. Also known as the ‘zip of death’, a zip bomb is often used to render an antivirus program useless, so that more traditional viruses can gain entry into a system.

A computer virus, commonly referred to as a ‘virus’, is a type of malware program that attaches itself to an executable program or a file and subsequently travels through other programs and files, infecting files in its wake.

Once executed, a virus can harm your computer in many ways; it can replicate files and folders, increase CPU load drastically, steal hard disk space, corrupt data, spam contacts, and do other such unpleasant things. You can read more about computer viruses, malware, trojan horses, etc. in this article.

As you might already know, not all computer viruses are the same. In fact, there are hundreds upon hundreds of types of viruses, which differ in the way they are executed, the way they affect their ‘host’ system and the kind of damages that they cause.

‘The File Is A Decompression Bomb’

While running an antivirus scan on your computer, you may have seen a warning displayed by your antivirus program announcing that ‘the file is a decompression bomb’.

[Image: the ‘file is a decompression bomb’ error shown by a popular antivirus program.]

Now, two questions may arise in your head upon reading such an alert by your antivirus program: first, what in the world is a ‘decompression bomb’? Is it a virus? And second, why can’t the antivirus program scan it?

As mentioned earlier, a decompression bomb is a zip file that is so highly compressed that when it’s actually decompressed on a system, it takes up a huge amount of disk space. In fact, in most cases, the decompression of such ‘zip bombs’ takes such a long time that the antivirus program crashes, and the ‘host’ system follows suit.

A decompression bomb may be a zip file, a compressed installation file or even a program’s .exe file that wreaks havoc on your system as soon as you decompress it. There’s one very popular zip bomb – a zip file that goes by the title ‘42.zip’: the file itself is just a few kilobytes, but when decompressed, it consumes 4.5 petabytes’ worth of space on the disk!

A zip bomb simply exploits the process of compression. Suppose you had data that looked something like this:

thor thor thor thor thor thor thor thor thor thor thor thor

During compression, it would be written simply as thor*12. This sort of ‘shortening’ would obviously save a lot of space, and therefore, the size of the compressed file would be very small. But when decompressed, the size of the file would be unimaginably high… so high that you may run out of storage space on your system, and still not be able to decompress it completely!

Is A Decompression Bomb (Zip Bomb) A Virus?

Not necessarily…

You see, a decompression bomb is certainly a malicious archive file designed to crash or render useless the host system so that ‘headway’ is made for more traditional viruses to do their damage. However, a decompression bomb, all by itself, doesn’t cause any damage to the system, at least not in the way a traditional computer virus does.

Rather than hijacking the normal operation of the program, as normal computer viruses usually do, a decompression bomb actually allows the system to do its job as it’s designed. The only catch is that the zip bomb contains so much compressed data that unpacking it requires excessively massive amounts of memory, disk space and time.

Ultimately, zip bombs are harmful to the system because they make the ‘environment’ of a computer more conducive for an attack by traditional viruses. Thankfully, modern (and good) antivirus programs can detect whether a file is a zip bomb, and alert the user so they don’t try to unpack it.

Even so, the next time you encounter a suspicious zip file titled ‘42.zip’, it would be best to leave it alone. Deleting it wouldn’t hurt either.
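The ‘thor’ example and the zip bomb detection described above can be tied together in a short sketch. This is an added example, not code from the original article or from any antivirus product: it shows how a program that unpacks archives can refuse a suspicious one before it runs out of space. The limits `MAX_TOTAL_BYTES` and `MAX_RATIO`, the function names and the sample archive are all assumptions made for the illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 1 * 1024 * 1024   # assumed budget for the whole archive
MAX_RATIO = 100                     # assumed ceiling on uncompressed/compressed size
CHUNK = 64 * 1024                   # bytes decompressed per read


class ArchiveRejected(Exception):
    """Raised when an archive exceeds the configured limits."""


def checked_extract(data: bytes, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Return {name: bytes} for a ZIP held in memory, or raise ArchiveRejected.

    The sizes declared in the ZIP headers are checked first. Every member is
    then decompressed in chunks against a running byte budget, because the
    declared sizes are written by whoever built the archive and may be false.
    """
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                raise ArchiveRejected(f"{info.filename}: ratio {ratio:.0f}:1")
            buf = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    total += len(chunk)
                    if total > max_total:
                        raise ArchiveRejected("uncompressed size over budget")
                    buf += chunk
            out[info.filename] = bytes(buf)
    return out


def make_sample_zip(payload: bytes, name="sample.txt") -> bytes:
    """Build a small constructed ZIP in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()
```

An archive holding `b"thor " * 12` passes both checks, while one holding the same word repeated 200,000 times is refused on its compression ratio alone, before any of it is unpacked.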

About the Author

Ashish is a Science graduate (Bachelor of Science) from Punjabi University (India). He spearheads the content and editorial wing of ScienceABC and manages its official Youtube channel. He’s a Harry Potter fan and tries, in vain, to use spells and charms (Accio! [insert object name]) in real life to get things done. He totally gets why JRR Tolkien would create, from scratch, a language spoken by elves, and tries to bring the same passion in everything he does. A big admirer of Richard Feynman and Nikola Tesla, he obsesses over how thoroughly science dictates every aspect of life… in this universe, at least.