Hey, I just received a .RAR file (filled with audio files) from a fairly new colleague/business partner. Scanned it with Avast and it mentioned it’s a decompression bomb. Well, without doing more research I unzipped it and was unable to remove it as the system basically frozes. I did fix the problem by simply re-installing the OS again.

But then, I started wondering, how are decompression bombs made? By that I mean, can they form accidentally with infected systems or system malfunctions? Or are they always made on purpose? The only reason I’m asking is so I can determine if the colleague is trustworthy.

Thanks in advance!

Zip bombs was a trick used in the old days to crash the unpack / scan engine and make way for real malware. zip bombs are usually not malicious itselfe

Info > https://en.wikipedia.org/wiki/Zip_bomb

avast is the only AV i have seen that use this detection, and it usually just mean a highly compressed file that avast will not unpack and scan

you can upload and test suspicious files here > www.virustotal.com / www.metadefender.com / www.jotti.org

If the file is scanned before, always click rescan for a fresh result