These Trojans are archived files coded to sabotage the de-compressor when it attempts to open the infected archived file. The victim machine will slow or crash when the Trojan bomb explodes, or the disk will be filled with nonsense data. ArcBombs are especially dangerous for servers, particularly when incoming data is initially processed automatically: in such cases, an ArcBomb can crash the server.
There are three types of ArcBombs: incorrect header in the archive, repeating data and a series of identical files in the archive.
An incorrect archive header or corrupted data can both cause the de-compressor to crash when opening and unpacking the infected archive.
A large file containing repeating data can be packed into a very small archive: 5 gigabytes will be 200 KB when packed using RAR and 480 KB in ZIP format.
Moreover, special technologies exist to pack an enormous number of identical files in one archive without significantly affecting the size of the archive itself: for instance, it is possible to pack 10100 identical files into a 30 KB RAR file or a 230 KB ZIP file.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment