In 2001 reports about Zip Bombs or Zip of Death attacks made the round on the Internet and I thought it would be nice to write about one shiny harmless example of that technique. On first glance the file 42.zip is a normal compressed file with the size of 42 Kilobytes. Many users who run a virus scanner will probably run into troubles downloading that file to their computer.
It still looks like a normal 42 Kilobyte archive after the download but the surprise begins when the user tries to unpack that file. What they did was basically pack a 4.3 Gigabyte file consisting only of zeros. That packed file was replicated 16 times and packed again, and again, and again, and again. Or, to use their own words:
The file contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped, which again contains 16 zipped files, which contain 1 file, with the size of 4.3GB.
You could basically unpack the 42 Kilobyte file into 4.5 Petabyte of uncompressed data if your hard drive storage space would be enough to do that.
Preuzeto sa http://www.ghacks.net/2008/07/27/42-kilobytes-unzipped-make-45-petabytes/
No comments:
Post a Comment