If you’ve downloaded a file, it’s important to make sure that you know what you’re getting before you open it. While you might already be clued in on other forms of attack such as downloading spyware or malware as a result of a phishing email, you might not have heard of the zip bomb attack.
As zip bombs can cause havoc to your device and its security, it’s crucial you don’t get caught out. To help you, we’ll cover the basics of what a zip file is, and then explain zip bombs. This will include what they are, how they work, how to protect yourself, and of course what to do if you fall victim to one.
What’s a Zip File?
A zip file is a file format that allows you to compress data in a lossless format. This can include individual files, folders, or even other zip files themselves.
Lossless means that the file can be reduced to a smaller file size, without its quality being reduced as well. But of course, you’ll probably want to restore what’s contained in a zip file to its original size so that you can access it — which means that the most common compression algorithm that a zip file uses is a decompression algorithm. Decompression essentially means returning a file to its original size.
Because of a zip file’s compression and decompression capabilities, in the wrong hands, it can act as malware. In the next section, we’ll look at what zip bombs are and the different ways that they can make your device more vulnerable to attacks, or render it unusable. There are many different reasons why hackers use zip bombs, which we’ll also cover here.
What a Zip Bomb Is and Why They’re Dangerous
A zip bomb usually looks like a typical zip file. Zip bombs are different, however, in that once you unzip them, they can contain millions of gigabytes of data. This is far too much for your computer to store, which quickly overwhelms your hard drive. Sometimes a zip bomb is also known as a “decompression bomb” or a “zip of death.”
How Does a Zip Bomb Work
Since zip folders can contain even more zips inside them, zip bombs usually contain several layers of compressed zip files which can add up to an overwhelming number of compressed gigabytes of repetitive data.
While the zip program you’re using will unzip the file as usual, the way that the archive is packed means that it takes a huge amount of time, memory, and disk space to achieve that. This can leave your computer vulnerable to other malware attacks, or just simply crash your computer.
Recursive vs. Non-Recursive Zip Bombs
There are two different types of zip bombs: recursive and non-recursive. Here’s an easy way to tell the difference between them:
- Recursive zip bombs have multiple zip bombs nested inside them, which then open one after the other – each zip folder will contain a large amount of gigabytes’ worth of data stored inside it. The name recursive comes from the fact that this zip bomb relies on a decompression algorithm’s ability to recursively unpack a succession of zip folders.
- Unlike recursive zip bombs, non-recursive zip bombs don’t rely on decompression. Instead, they compress data into a layer of overlapping files. Non-recursive zip bombs are relatively new and were invented much later than recursive zip bombs, which have existed on the internet for years.
Why Are Zip Bombs Such a Risk?
Zip bombs can pose a huge risk to both your security and your device. Here are some top reasons:
- Zip bombs exacerbate your computer system enough that it becomes vulnerable to other malware like spyware, viruses, and trojans.
- It can also disrupt systems and software such as your antivirus software.
- They can crash your computer and take up all of your computer’s usable space.
- Demonstrate the skills of a cybercriminal as a warning to an organization.
No matter what source you’re downloading a zip from, it’s important to check first for any signs it’s not a zip bomb. We’ll now look at some ways you can spot a zip bomb (without even having to use antivirus software).
The Top Signs Of a Zip Bomb
Firstly, if you are asked to download a file from a suspicious website or spam email, it’s probably not a good idea to do that in the first place. If you click a link by mistake and download the file, all you need to do is just not open it (because zip bombs are only activated once you try to open them).
If you’re not sure if a file is a zip bomb, it’s easy once you know the signs. Here are some top ways to detect a zip bomb:
- Use antivirus software (that can detect all types of zip bombs) to scan a file before you open it. Most modern forms of antivirus software protect against zip bombs, and will quarantine any file that it picks up as being one.
- Check the file size; one of the most infamous zip bombs is known as the “42” zip bomb. Compressed it shows up as containing approximately 42 kilobytes of data, but decompressed it unpacks a huge 4.5 petabytes of data.
- Enabling email filtering can help flag any malware including zip bombs that have been sent to you over email.
Other Ways to Protect Yourself From a Zip Bomb
For starters, it’s important to protect yourself against malicious emails that could contain a zip bomb. If it’s clear that a sender might have bad motives, you’ll know not to open any attachments they send in an email. But if you don’t know who the sender is, sometimes it can be difficult to know whether they’re malicious or not. While some spam or phishing emails might be easy to spot, cybercriminals are becoming more and more sophisticated at disguising themselves online.
You can work out whether an email sender is malicious or not using some of these helpful tips:
- If a sender’s email domain looks different from the one on a company’s website, they could be impersonating this company.
- Running an email search using Spokeo’s lookup tool to verify an address and see who it’s linked to.
- The email contains generic greetings, typos, and/or grammatical errors.
How to Recover From a Zip Bomb Attack
Recovering from a zip bomb attack requires time and resources, it’s not a straightforward task. So you might find it simpler to just back up any files you’re concerned about losing in an attack. Consider uploading any valuable files to a secure cloud platform, for instance, or using an external hard drive to back up large files. Other solutions include:
- Completing a factory reset of your device to clear the zip bomb.
- Using one of the zip tool apps available on the market to remove the zip bomb.
Since removing a zip bomb can be difficult, prevention is usually the best approach. Making sure you have up-to-date, modern antivirus software is therefore a highly useful way of preventing you from falling victim to this type of attack.
Final Points
While a zip bomb can be devastating to your hard drive, prevention is relatively pain-free. Modern antivirus software is usually very good at picking up all types of zip bombs. Another option could be looking at how big the zip file size is for clues. Finally, if you’re sent an attachment by someone who may or may not be suspicious, it might be worth searching their email using a lookup tool to verify it.