Comments on: Decompression Bombs Part 2

By: LOLZ

LOLZ — Sun, 15 Mar 2009 05:23:00 +0000

Gary: To your response to spoonie, why just spit on them, I suggest cutting teh bodys into many little pieces, placing them in a blender, grinding them into liquid, dumping it into their bath tub, and then defecating in it. :P

By: Rob

Rob — Wed, 18 Feb 2009 01:24:56 +0000

Firstly, it’s not too hard to make a bomb on a unix machine. I’d think a command like
‘dd if=/dev/zero bs=1M count=100000 | gzip > bomb.gz’
would do it. Make 100GB of zeros in 1Mb chunks and send that to gzip

Also, it’s not strictly speaking true that sending one in email has no potential for a profitable attack. you could bomb their mail-servers and then send in other malware attached to emails, banking on them turning off their mail scanning at least temporarily to stop the attacks. Blow a hole in their scanning for a bit.
Pretty ineffective I’d say, but in theory possible.

By: Solitude » Decompression Bombs

Solitude » Decompression Bombs — Thu, 24 Apr 2008 18:59:25 +0000

[...] Decompression Bombs Part 2 outlines some real-life examples and answers a few [...]

By: Gary Fleming

Gary Fleming — Wed, 26 Dec 2007 13:20:28 +0000

Never using a zip program, like Winzip, is an over-reaction (and a pretty untenable position to take). Just be sensible about what you open.

By: Tiffany

Tiffany — Sun, 23 Dec 2007 00:39:20 +0000

If I never use winzip will I be safe? Like a dumbass I just opened the file to see what would happen. Nothing. It opened, all is fine. (or is it?)
My antivirus program has me thinking that it’s a virus and my computer will crash the next time I reboot.

By: Danny

Danny — Wed, 12 Dec 2007 10:22:58 +0000

when you open an archive with winzip, does it auotmatically load the compressed data into memory? shouldnt you be able to check the compression ratio and compare to the file size?

By: Gary Fleming

Gary Fleming — Wed, 17 Oct 2007 21:02:55 +0000

J: you’re right, it’s not a new trick, but still pretty effective, particularly against browsers.

Wilk: Hmm… not sure. I would guess they would be accurate.

By: wilk

wilk — Wed, 17 Oct 2007 20:32:57 +0000

I have an old copy of winzip that shows the unzipped file size and the compression percentage. Will these fields be accurate or will they be spoofed by the bomb?

By: J

Wed, 17 Oct 2007 13:47:31 +0000

This is a pretty old trick. Years ago when BBS’s would unzip all .zip files that were uploaded (to add advertisements, strip other BBS advertisements, scan, etc.), you could send this sort of "bomb" and crash the BBS. I never thought of using it in modern times, though. Nice article!

By: Gary Fleming

Gary Fleming — Tue, 16 Oct 2007 21:26:53 +0000

mike: in theory, yes, you can probably aggravate the situation by picking an awkward time but the situations you describe just wouldn’t happen.

Having a single server for mail and transaction processing? Not even the smallest of banks with a technology footprint would do that.

Also, you can’t “insert a virus… through email” due to the server being down. If the server is down, you can’t send to it. There is no avenue for attack.

So: using known timing attacks to really cause havoc, absolutely. Using decompression bombs for further attack, not so much.