Submitted by [deleted] t3_ydcv2u in explainlikeimfive
nulano t1_itrrejg wrote
Different tools will have different limits, but some antiviruses consider anything with a compression ratio greater than 90% to be a zip bomb. It isn't difficult to make such a file, just a 4KB file filled with zeroes will have around 178 bytes when zipped, which is a 96% compression ratio. And you can easily do this yourself.
However, this file is not really large enough to be malicious. To be malicious, you'd have to use a larger file. For example, a 1GB zip with that compression ratio would take up 23GB when unzipped, which could easily be seen as malicious depending on the content.
If you want to create an even larger zip bomb, you probably won't have enough space on your system to compress a file, but you would just manually modify the zip structure so that instead of saying 4000 zeroes it says 40000000000000 zeroes. This would give you a compression ratio very close to 100%.
Viewing a single comment thread. View all comments