Author Topic: What exactly is a DECOMPRESSION BOMB ?  (Read 4001 times)

jayduttkulkarni

  • Guest
What exactly is a DECOMPRESSION BOMB ?
« on: July 20, 2012, 04:14:55 AM »
Hey what exactly is a decompression bomb??????????? I read an article on Wikipedia and I quote, " A decompression bomb is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, so that a more traditional virus sent afterwards could get through undetected.
Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.
A zip bomb is usually a small file (up to a few hundred kilobytes) for ease of transport and to avoid suspicion. However, when the file is unpacked its contents are more than the system can handle.
The technique has been used on dialup bulletin board systems at least as long as compressing data archive programs have been around.[citation needed]
Today, most antivirus programs can detect whether a file is a zip bomb and so avoid unpacking it"
And I read a reply to a similar question on Avast forum which says that it is just a highly packed archive??????????
So what should I do with these files ??????????

iroc9555

  • Guest
Re: What exactly is a DECOMPRESSION BOMB ?
« Reply #1 on: July 20, 2012, 04:21:51 AM »
jayduttkulkarni, welcome to avast! forums.

Yes, it is a highly compressed file and not always malicious. Avast! may find one once in a while. It is better to leave them alone.

Could you give the location and name of the file ?

DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89421
  • No support PMs thanks
Re: What exactly is a DECOMPRESSION BOMB ?
« Reply #2 on: July 20, 2012, 12:25:20 PM »
@ jayduttkulkarni
In line with what you found:
Decompression Bomb, a file that is highly compressed, which could be very large when decompressed. This used to be a tactic long ago to swamp the system, also see:
<snip>
- decompression bomb is just something that unpacks to an unusually big amount of data even though it's rather small (i.e. has a high compression ratio, for example). It's nothing to worry about, you are just informed that avast! will not try to unpack the archive (you may not even know that it's an archive, but it seems like it is) because it may take VERY long to process.
<snip>

Also see this very old reply from one of the avast developers.

A decompression bomb is a file that unpacks to an enormous amount of data - thus "flooding" the unpacking engine. It's quite hard to detect such files reliably, so it's possible that it gives some false alarms occasionally.


The name really is the most dangerous thing about this and I wish they would change it or simply not report it, a real PITA.

These highly compressed files are generally 'archive' files which are inert, don't present an immediate risk until they are unpacked. If you happen to select 'All packers' in your on-demand scans then you are more likely to come across this type of thing. Personally it is a waste of time scanning 'all packers' and that is why it isn't enabled by default.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
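
An added example, not written by anyone in this thread and not avast!'s code: a sketch of the kind of compression-ratio check the replies describe, showing why a harmless but highly compressible file gets the same warning. The thresholds, function names and sample data are assumptions constructed for illustration.

```python
import io
import os
import zipfile

MAX_RATIO = 100                # assumed policy threshold, not avast!'s real value
MAX_TOTAL = 50 * 1024 * 1024   # assumed cap on bytes a scanner is willing to unpack

def make_sample(payload, name="sample.bin"):
    """Build a small in-memory ZIP holding one member (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

def declared_ratio(data):
    """Return (ratio, uncompressed_total) as claimed by the archive's own headers."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    comp = sum(i.compress_size for i in infos)
    uncomp = sum(i.file_size for i in infos)
    return uncomp / max(comp, 1), uncomp

def flagged(data, max_ratio=MAX_RATIO, max_total=MAX_TOTAL):
    """True when the scanner should skip unpacking and report the archive."""
    ratio, uncomp = declared_ratio(data)
    return ratio > max_ratio or uncomp > max_total

def bounded_unpack(data, budget=MAX_TOTAL, chunk=65536):
    """Unpack in chunks and count real output; headers can be wrong, so the
    budget is enforced on the bytes actually produced."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                for block in iter(lambda: fh.read(chunk), b""):
                    total += len(block)
                    if total > budget:
                        raise ValueError("output budget exceeded, stopping")
    return total

# Constructed inputs: a benign, very repetitive log and an incompressible blob.
REPETITIVE_LOG = b"2012-07-20 04:14:55 INFO heartbeat ok\n" * 60000
RANDOM_BLOB = os.urandom(100_000)

if __name__ == "__main__":
    for label, payload in (("log", REPETITIVE_LOG), ("random", RANDOM_BLOB)):
        archive = make_sample(payload)
        print(label, len(archive), declared_ratio(archive), flagged(archive))
```

The repetitive log is flagged purely on its ratio even though its contents are harmless, which is the false-alarm case the replies describe.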