What is a Decompression Bomb?
A decompression bomb or zip bomb is a malicious archive file that contains a lot of repeated data that can crash the program reading it. Also known as the ‘zip of death’, a zip bomb is often used to render an antivirus program useless, so that more traditional viruses can gain entry into a system.
A computer virus, commonly referred to as a ‘virus’, is a type of malware program that attaches itself to an executable program or a file and subsequently travels through other programs and files, infecting files in its wake.
Once executed, a virus can harm your computer in many ways; it can replicate files and folders, increase CPU load drastically, steal hard disk space, corrupt data, spam contacts, and do other such unpleasant things.
You can read about computer viruses, malware, trojan horses, etc. in more detail in this article.
As you might already know, not all computer viruses are the same. In fact, there are hundreds upon hundreds of types of viruses, which differ in the way they are executed, the way they affect their ‘host’ system and the kind of damages that they cause.
‘The file is a decompression bomb’
While running an antivirus scan on your computer, you may have seen a warning displayed by your antivirus program announcing that ‘the file is a decompression bomb’.
Now, two questions may arise in your head upon reading such an alert by your antivirus program: first, what in the world is a ‘decompression bomb’? Is it a virus? And second, why can’t the antivirus program scan it?
As mentioned earlier, a decompression bomb is a zip file that is so highly compressed that when it’s actually decompressed on a system, it takes up a huge amount of disk space. In fact, in most cases, the decompression of such ‘zip bombs’ takes such a long time that the antivirus program crashes, and the ‘host’ system follows suit.
A decompression bomb may be a zip file, a compressed installation file or even a program’s .exe file that wreaks havoc on your system as soon as you decompress it. There’s one very popular zip bomb – a zip file that goes by the title ‘42.zip’: the file itself is just a few kilobytes, but when decompressed, it consumes 4.5 petabytes’ worth of space on the disk!
A zip bomb simply exploits the process of compression. Suppose you had data that looked something like this:
thor thor thor thor thor thor thor thor thor thor thor thor
During compression, it would be written simply as thor*12. This sort of ‘shortening’ would obviously save a lot of space, and therefore, the size of the compressed file would be very small. But when decompressed, the size of the file would be unimaginably high… so high that you may run out of storage space on your system, and still not be able to decompress it completely!
Is a decompression bomb (zip bomb) a virus?
You see, a decompression bomb is certainly a malicious archive file designed to crash or render useless the host system so that ‘headway’ is made for more traditional viruses to do their damage. However, a decompression bomb, all by itself, doesn’t cause any damage to the system, at least not in the way a traditional computer virus does.
Rather than hijacking the normal operation of the program, as normal computer viruses usually do, a decompression bomb actually allows the system to do its job as it’s designed. The only catch is that the zip bomb contains so much compressed data that unpacking it requires excessively massive amounts of memory, disk space and time.
Ultimately, zip bombs are harmful to the system because they make the ‘environment’ of a computer more conducive for an attack by traditional viruses. Thankfully, modern (and good) antivirus programs can detect whether a file is a zip bomb, and alert the user so they don’t try to unpack it.
Even so, the next time you encounter a suspicious zip file titled ‘42.zip’, it would be best to leave it alone. Deleting it wouldn’t hurt either.
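The kind of check that lets a scanner flag such a file before unpacking it can be sketched in Python. This is an added example, not code from the original article or from any antivirus product. The 100:1 ratio limit, the 1 MiB size cap and the function names are assumptions chosen for illustration, and the sample archives are constructed in memory from the ‘thor’ data used above.

```python
import io
import zipfile

MAX_RATIO = 100            # assumed policy: flag members that expand more than 100x
MAX_TOTAL = 1024 * 1024    # assumed policy: flag archives that unpack to more than 1 MiB

def build_sample(payload: bytes) -> bytes:
    """Constructed test archive holding one deflate-compressed member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.txt", payload)
    return buf.getvalue()

def check_declared_sizes(archive: bytes):
    """Compare the sizes recorded in the archive directory; nothing is decompressed."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            ratio = info.file_size / max(info.compress_size, 1)
            total += info.file_size
            if ratio > MAX_RATIO:
                return False, f"{info.filename}: ratio {ratio:.0f}:1"
        if total > MAX_TOTAL:
            return False, f"declared total {total} bytes"
    return True, "ok"

def bounded_read(archive: bytes, name: str, limit: int = MAX_TOTAL) -> bytes:
    """Decompress in 64 KiB chunks and abort at `limit` instead of trusting the header."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(archive)) as zf, zf.open(name) as member:
        while chunk := member.read(64 * 1024):
            out += chunk
            if len(out) > limit:
                raise ValueError(f"{name} exceeds {limit} bytes, aborting")
    return bytes(out)

if __name__ == "__main__":
    repetitive = build_sample(b"thor " * 200_000)   # 1,000,000 bytes of repeated text
    ordinary = build_sample(b"Meeting notes: budget review moved to Thursday.")
    print(len(repetitive), check_declared_sizes(repetitive))
    print(len(ordinary), check_declared_sizes(ordinary))
```

The declared-size check is cheap but relies on what the archive says about itself, so the chunked read with a hard limit is the safeguard that actually bounds memory and disk use.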