[Dshield] Decompression Bombs

jayjwa jayjwa at atr2.ath.cx
Fri Feb 6 15:32:27 GMT 2004



On Thu, 5 Feb 2004 I-forget-who wrote:

> > For those wanting to test/break something, you can download the file
> > from http://www.unforgettable.dk/42.zip.
> >
> > It's a 42k zip file that contains 16 zip files, each with 16
> > zip files,
> > each with 16 zip files, with 16 zips, with 16 zips, which
> > each contain a
> > single 4.3GB file.  Total extracted filesize (without overhead) of
> > 4,503,599,626,321,920 bytes.

What about unzip -l file.zip? If I didn't ask for an attachment, and
didn't recognize the sender, I _immediately_ consider it as possible
malware/virus/bad-thingy, and will take steps to safely handle it, if I
even have interest in it, if not, shred -uv <file>, and it's history.

The -l switch to Linux's unzip clearly shows somethings odd with the file,
even without opening it.

[jayjwa]RLF#37






More information about the list mailing list