Publication Date:
04/19/2016

Description

These Trojans are archives designed to freeze or slow performance or to flood the disk with a large amount of “empty” data when an attempt is made to unpack the archived data. So-called archive bombs pose a particular threat for file and mail servers when an automated processing system is used to process incoming data: an archive bomb can simply crash the server.

This type of Trojan uses three types of “bomb”:

malcrafted archive headers
repeating data
identical files in the archive.

Malcrafted archive headers or corrupted data in an archive can cause a specific packer or unpacking algorithm to crash when processing the archive contents.

Files that contain repeating data can be very large and still pack into a small archive (e.g. 5GB of data can be packed into a 200KB RAR or a 480KB ZIP archive).

A large number of identical files in an archive will also have very little impact on the size of the archive when they are packed using special methods (for example, there are ways to pack 10100 identical files into a 30KB RAR or a 230KB ZIP archive).
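For an automated processing system of the kind described above, the three bomb types map to three checks before and during unpacking. The following is an added example, not code from this page or its publisher; it handles ZIP only, and the limits and the names `safe_unpack` and `ArchiveRejected` are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed limits for this example; tune them to the service's real workload.
MAX_ENTRIES = 1000
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # budget for all unpacked data
MAX_RATIO = 100                      # unpacked/packed ratio per entry
CHUNK = 64 * 1024


class ArchiveRejected(Exception):
    """Raised when an archive exceeds the unpacking policy."""


def safe_unpack(data: bytes) -> dict:
    """Unpack a ZIP held in memory, or raise ArchiveRejected."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except (zipfile.BadZipFile, OSError, ValueError) as exc:  # bad headers
        raise ArchiveRejected(f"malformed archive: {exc}") from exc
    with zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:           # many identical files
            raise ArchiveRejected("too many entries")
        # Cheap pre-check on the sizes the headers declare (repeating data).
        for info in infos:
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: ratio too high")
        if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
            raise ArchiveRejected("declared size over budget")
        # Headers can lie, so also count the bytes actually produced.
        out, total = {}, 0
        for info in infos:
            buf = bytearray()
            try:
                with zf.open(info) as src:
                    while chunk := src.read(CHUNK):
                        total += len(chunk)
                        if total > MAX_TOTAL_BYTES:
                            raise ArchiveRejected("unpacked data over budget")
                        buf += chunk
            except ArchiveRejected:
                raise
            except Exception as exc:           # decoder failure on bad data
                raise ArchiveRejected(f"{info.filename}: {exc}") from exc
            out[info.filename] = bytes(buf)
        return out
```

Run the unpacker in a worker with its own memory and CPU-time limits as well, so that a decoder crash or hang on a malformed header cannot take the server down with it.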
