Decompression Bomb: Weapon for Hackers and Nightmare for Users
- Anas Feroz
- February 23rd, 2018
What is a decompression bomb? It is a threatening situation: you run a full scan of your PC with anti-virus or PC cleaner software, and it informs you that a file on your hard drive is a decompression bomb. A zip bomb, or decompression bomb, is a malicious file in compressed form. It is designed to crash your anti-virus and might crash your entire system as well.
The zip bomb or decompression bomb is based on file compression technology. To understand how to prevent and remove this malicious file from your system and how it affects performance, it is important to know how file compression software such as WinRAR and WinZip works.
Compression is a process that reduces the number of bits required to represent data. To understand it in a simpler way, consider the following example:
1111511115511115551111 (22 characters)
The above example consists of 22 characters. Reading the series, you can see that 1111 repeats many times. This repetition is known as statistical redundancy. We can represent the same pattern in as few characters as possible. Compressing the data means representing it in fewer than 22 characters. So how can we do that? It's simple: replace every occurrence of the pattern “1111” with a character or symbol, for example “@”. Rather than using the full pattern directly, we can now use the compressed form. To get the original pattern back, an instruction must be stored along with it, for example:
@5@55@555@ (10 characters)
Where @= 1111 (6 characters)
The first line shows the compressed data and the second line is the instruction. The instruction tells the system that, to decompress the data, it should replace every @ with 1111 to regain the original form. Through this compression process, we now represent the 22-character data in 16 characters (10+6=16) for the same information. This is how the compression process works.
You may notice that when using file compression software like WinRAR and WinZip, sometimes the data hardly compresses and sometimes compression reduces the data considerably. Compression software analyses the data and detects patterns through the statistical redundancy technique in order to represent the data in the smallest number of bits possible.
Computer files are made up of patterns of binary code (0’s and 1’s). Software like WinRAR and WinZip is built on compression algorithms, which direct it to go through the binary code and look for patterns. Using the compression technique, a pattern found in the data is replaced with one character that stands for 4, 5 or even 10000 characters.
This is useful when it comes to making your favourite TV seasons and movies small enough to free up space on your system for other purposes. It is also useful for making your family photos small enough to email to others.
Hackers use decompression bomb files in order to crash your anti-virus application. Anti-virus is the only barrier that informs users about decompression bomb files. The antivirus unzips the file in order to scan it, but crashes because it runs out of memory.
The hackers first attack your system's anti-virus. After crashing it, they gain access to your system to send other typical viruses. These hackers might steal data from your system and make your system crash as well. The most common types of zip bombs are:
The classic zip bomb is a very small zip archive file, usually only kilobytes in size. When this file is unzipped, it contains more than your system can handle. Classic zip bomb files are now easily detected by modern antiviruses, don’t affect your system much, and can be easily removed using different malware and cleaning toolkits.
The second is considered the most deadly zip bomb, with the ability to crash your system. It is a zip file consisting of 42 kilobytes of compressed data. It contains five layers of nested zip files in sets of 16, each bottom-layer archive containing a 4.3 gigabyte (4.3×10^9 bytes) file, for a total of 4.5 petabytes (4.5×10^15 bytes) of uncompressed data.
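A scanner avoids the out-of-memory crash described above by enforcing limits while it unpacks, rather than trusting the archive. The following Python example is added here and is not code from the original article; the limit values and the names `scan_zip`, `make_zip`, `verdict` and `ArchiveRejected` are assumptions chosen for illustration, and the sample archives are constructed in memory.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 50 * 1024 * 1024  # assumed policy: output budget per scanned file
MAX_RATIO = 100                     # assumed policy: uncompressed/compressed ceiling
MAX_DEPTH = 3                       # assumed policy: nested archive levels followed
CHUNK = 64 * 1024

class ArchiveRejected(Exception):
    """Raised when an archive breaks one of the limits above."""

def scan_zip(data, depth=0, budget=None):
    """Walk a zip held in memory; return the number of bytes decompressed."""
    budget = [MAX_TOTAL_BYTES] if budget is None else budget  # shared across nesting
    start = budget[0]
    if depth > MAX_DEPTH:
        raise ArchiveRejected("nested deeper than %d levels" % MAX_DEPTH)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap pre-check on the sizes declared in the archive headers.
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected("%s: ratio above %d:1" % (info.filename, MAX_RATIO))
            # Headers can lie, so also count what really comes out, chunk by chunk.
            buf = bytearray()
            with zf.open(info) as member:
                for chunk in iter(lambda: member.read(CHUNK), b""):
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveRejected("output budget exhausted")
                    buf += chunk
            if zipfile.is_zipfile(io.BytesIO(buf)):  # follow nested archives
                scan_zip(bytes(buf), depth + 1, budget)
    return start - budget[0]

def make_zip(members):
    """Build a small deflate-compressed zip in memory (constructed sample input)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return out.getvalue()

def verdict(data, **kw):
    try:
        return "ok: %d bytes" % scan_zip(data, **kw)
    except ArchiveRejected as exc:
        return "rejected: %s" % exc

if __name__ == "__main__":
    print(verdict(make_zip({"zeros.bin": bytes(1024 * 1024)})))
```

The three limits map to the three properties of the archives described above: extreme compression ratio, total unpacked size, and nesting depth.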
These are the two most common zip bombs, but there are many more, and you can easily create your own by watching tutorials on different websites. To learn how to make zip bombs, please go to the following link:
Various users, after completing a full scan of their system, saw a detection of decompression bomb files. Most antiviruses fail to remove a decompression bomb, and it makes your system slower. After applying some methods and using different software, the three most useful and easy ways to remove a decompression bomb are as follows:
An antivirus detection named "Decompression bomb 42110 error" is an error caused by damage to Windows files. To fix this error and remove it from your system, you can use Reimage Repair Tool. It is free to download. It is very strong software designed to detect malicious files and items in your system. It can find and repair problems in your system with a patent-pending technique. Here are the steps to remove a decompression bomb using Reimage Repair Tool.
JavaRa is an effective solution for removing decompression bomb files detected by antivirus in your system. It helps to deploy and update necessary files for your system. It can repair the files when other methods fail to remove decompression bomb files, especially those that make your system slower. Here are the steps to run JavaRa:
Although Temp File Cleaner (TFC) is not suitable for Windows 8 and higher versions, it still works fine with older versions of Windows and other operating systems. TFC will clear all the temp files and folders in your system (Safari, Opera, Chrome, FF, Java and IE temp).
It shows all the decompression bomb-related files removed from each area in bytes and the total in MB. It can also remove the %systemroot%\temp folder, and it checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32-bit and 64-bit on 64-bit OSs).
TFC fails to remove cookies, URL history and prefetch, based on how often you clean temp files and folders from your system. It is one of the most powerful tools for removing decompression bomb files where other file cleaners may fail.
Important Note: TFC requires an immediate reboot after cleaning and fixing the decompression bomb threat, so be sure to save your work before running the TFC cleaner.
You can’t do much to prevent yourself from being decompression bombed. Here are some precautions that you can take to protect your system from zip or decompression bombs as far as possible:
Zip and decompression bombs are not very effective these days, because most antiviruses are able to detect a decompression bomb in your system. But most of them still fail to remove these decompression bombs.