A zip bomb is a compressed ZIP archive that halts or crashes the system that reads it. When decompression software unpacks such an archive, it consumes an enormous amount of disk space, processing time, or memory, so the system runs out of resources and eventually crashes. One example is the 42.zip archive, which is 42 kilobytes in size but expands to 4.5 petabytes of uncompressed data.


Recursive vs Non-Recursive ZIP Bombs

ZIP bombs can be built in two ways: as recursively exploding archives or as non-recursive archives.

A recursive zip bomb contains layers of compressed files nested inside a single archive. Decompression software that recursively expands the nested archives produces output that grows exponentially.

A non-recursive zip bomb overlaps the files inside the zip container and does not rely on the decompressor recursively unpacking zip files nested within zip files. The archive expands fully in a single round of decompression, and the output size grows quadratically: a small 10 MB file can produce as much as 281 TB of output.

42.zip – A ZIP Bomb Example Archive File

42.zip is the best-known example: the archive is just 42 KB, but when expanded it reaches 4.5 PB, well beyond the capacity of any available storage system. It consists of recursively nested zip files, where the lowest-level zip file decompresses to a size of 4.3 GB. The construction uses DEFLATE, the most common compression algorithm, which is compatible with most zip parsers.

Conclusion

A single zip bomb can cause serious problems for a computer system. For example, antivirus scanners open archives to make sure they don't contain malicious software, and a zip bomb ties the scanner up in a never-ending task, resulting in a system crash or an out-of-memory condition. Other malicious software can infect the computer while the antivirus software is stalled. Thankfully, many antivirus scanners now scan only a few layers of recursion to help prevent attacks carried out with zip bombs.
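The layer limit mentioned above, together with checks for the recursive and non-recursive constructions described earlier, can be applied to an archive's metadata before anything is extracted. The following is an added example, not code from the original page; the function names `inspect_zip` and `make_zip`, the three limits, and the sample archives are assumptions made for illustration.

```python
import io
import zipfile

# Assumed policy limits for this sketch; tune them for your environment.
MAX_DEPTH = 3                 # layers of nested archives to follow
MAX_TOTAL = 100 * 2**20       # total declared uncompressed bytes per archive
MAX_RATIO = 100               # declared uncompressed / compressed size

def inspect_zip(data, depth=0):
    """Return findings for a ZIP held in memory, using metadata before extraction."""
    if depth > MAX_DEPTH:
        return [f"nesting deeper than {MAX_DEPTH} layers"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        total = sum(i.file_size for i in infos)
        packed = sum(i.compress_size for i in infos) or 1
        if total > MAX_TOTAL:
            findings.append(f"declared size {total} exceeds limit")
        if total / packed > MAX_RATIO:
            findings.append(f"compression ratio {total // packed}:1 exceeds limit")
        # Non-recursive bombs: one entry's data runs past the next local header.
        ordered = sorted(infos, key=lambda i: i.header_offset)
        for cur, nxt in zip(ordered, ordered[1:]):
            if cur.header_offset + cur.compress_size > nxt.header_offset:
                findings.append(f"overlapping entries: {cur.filename}, {nxt.filename}")
                break
        # Recursive bombs: follow nested archives, bounded by depth and size.
        for i in infos:
            nested = i.filename.lower().endswith(".zip") and not i.flag_bits & 0x1
            if nested and i.file_size <= MAX_TOTAL:  # skips encrypted members
                with zf.open(i) as member:
                    inner = member.read(MAX_TOTAL)
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    findings += inspect_zip(inner, depth + 1)
    return findings

def make_zip(name, payload, method=zipfile.ZIP_STORED):
    """Build a small constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed samples: a highly compressible member and six nested layers.
    print(inspect_zip(make_zip("zeros.bin", b"\0" * 2_000_000, zipfile.ZIP_DEFLATED)))
    nested = make_zip("readme.txt", b"hello")
    for _ in range(5):
        nested = make_zip("inner.zip", nested)
    print(inspect_zip(nested))
```

The declared sizes come from the archive itself, so an extractor should also cap the bytes it actually writes rather than rely on this pre-check alone.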