5

This article claims that zip bombs cannot be used today as modern systems are too smart for it and no victim is going to slowly unpack terabytes of data, so zip bombs are basically useless.

Is this true? Are there any uses for a zip bomb at all?

Say, how about a program that slowly extracts a zip bomb in the background. Slowly so that the victim doesn't realize that their hard disk is being filled with rubbish.

Anders
Vegeta
  • Why would you need a zip file in that case? Could just dump random data, if you can get a program there in the first place - either grab it from `/dev/random`, or just encrypt any convenient large files that are lying around, since the output will look random. – Matthew Feb 22 '17 at 11:31
  • @Matthew: I think you've missed the point of a zip bomb - you can't send /dev/random in an email (although you could link it as urgent_confidential.docx and leave it on a samba share) – symcbean Jul 06 '18 at 21:51
  • @symcbean Reread the last paragraph of the question. – Matthew Jul 07 '18 at 06:05

2 Answers

2

Most antivirus products are able to detect zip bombs. In this modern day, zip bombs cause little or no effect on systems.

Antivirus usually scans 3 levels down unless you changed the settings, so

zip bombs don't cause AV to crash and therefore do not "create" a scenario where AV has crashed and an opportunity arises for malware to infect the system.

System processes now work more efficiently compared to the earlier days when zip bombs were reigning.

If unpacking a zip bomb consumes memory, it is pretty much contained within the process. The process handling the extraction would just run out of memory and crash.

Writing a script that slowly extracts the zip bomb does not make a dent in the system; on running out of space, the unzipping would fail.

Again, modern-day systems running low on disk space will sound a 'low disk space' warning. All the user needs to do is find the large files and delete them.

Even if the disk is full, the system will still run in a minimal mode.

A zip bomb is not what its name says it is. When you unzip a zip bomb, it doesn't "explode" in a grand fashion. If you use the extract-all function, it's just gonna crash. Period.

So what about a possible use case? I'd probably say use it to troll someone, wasting 10 secs of their life? But then again, you'd be wasting your time and effort creating it.

In my opinion, it isn't worth doing now.

Lester T.
  • And what if there is only 1 level of depth in the file? https://security.stackexchange.com/questions/203206/zip-bomb-how-to-guard-our-websites – T.Todua Feb 08 '19 at 10:39
2
  1. You can crash-bomb IE11 visitors for example, by sending back a GZIP-bomb:
    https://blog.haschek.at/post/f2fda

  2. DOS of web servers with bad GZIP - You can send a GZIP-bomb as a POST request.

  3. You can DOS bad-quality anti-virus/-software

  4. You can DOS vulnerability scanners

  5. You can DOS bad email servers.

Quandary
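For the case in point 2 of the answer above (a GZIP bomb sent as a POST request), this is an added example, not part of either answer, of how a server can inflate a request body under a hard budget instead of decompressing it in one call. The function name, the exception class and the 1 MiB / 100x limits are assumptions chosen for illustration.

```python
import gzip
import zlib

MAX_OUTPUT = 1024 * 1024  # assumed policy: at most 1 MiB of decompressed body
MAX_RATIO = 100           # assumed policy: at most 100x the compressed size
CHUNK = 16 * 1024         # inflate in 16 KiB steps so limits are checked early


class DecompressionLimitExceeded(Exception):
    """Raised when a body would inflate past the configured budget."""


def bounded_gunzip(body, max_output=MAX_OUTPUT, max_ratio=MAX_RATIO):
    """Inflate a gzip body step by step; abort once the output budget is crossed."""
    budget = min(max_output, len(body) * max_ratio)
    inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # | 16: gzip framing only
    out = bytearray()
    data = body
    while not inflater.eof:
        # max_length caps the output of this call; unread input lands in unconsumed_tail
        chunk = inflater.decompress(data, CHUNK)
        data = inflater.unconsumed_tail
        if not chunk and not data:
            raise ValueError("truncated gzip stream")
        out += chunk
        if len(out) > budget:
            raise DecompressionLimitExceeded(
                f"stopped after {len(out)} bytes (budget {budget})")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample inputs: a small JSON body and 5 MiB of zero bytes.
    samples = {
        "json": gzip.compress(b'{"user": "alice", "items": [1, 2, 3]}'),
        "zeros": gzip.compress(b"\0" * (5 * 1024 * 1024)),
    }
    for name, body in samples.items():
        try:
            print(name, len(body), "->", len(bounded_gunzip(body)), "bytes")
        except DecompressionLimitExceeded as exc:
            print(name, len(body), "-> rejected:", exc)
```

Memory use stays bounded by the budget plus one chunk, because the stream is abandoned as soon as the limit is crossed rather than after the whole body has been inflated.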