Posted 04 March 2007 - 03:45 AM
Posted 04 March 2007 - 04:29 AM
Posted 04 March 2007 - 09:27 AM
Archive Bombs are not really Malware, but can crash Malware scanners.
The idea behind them is simple: A Malware writer creates an archive file such as zip that is very small, but contains very large files. If a file is filled with the same characters, a 1 GB file can be compressed down to a few bytes. A Malware scan engine that supports scanning of archive files would try to unpack the content to the hard disk to scan, but fill up the disk with unpacked data until the system crashes.
Other archive bombs are manipulated archive files that let the scanner unpack and scan in an endless loop.
The a-squared scan engine detects such archive bombs with a heuristic scan module. In some rare cases, regular archives are flagged as archive bombs if the content looks very similar to archive bombs.
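A size and ratio pre-check of the kind a scanner can apply to the first type of archive bomb described above, as an added example that is not part of the original post and is not the a-squared engine's heuristic. The thresholds, function names and sample archives are assumptions made for illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 1024 * 1024   # assumed budget for unpacked data per archive
MAX_RATIO = 100                 # assumed cap on unpacked/packed size per member
CHUNK = 64 * 1024


def check_archive(data, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Return (verdict, reason) for a zip held in memory; nothing touches disk."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        # Pass 1: cheap check on the sizes the archive declares about itself.
        for info in infos:
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                return "suspicious", f"{info.filename}: declared ratio {ratio:.0f}:1"
        if sum(i.file_size for i in infos) > max_total:
            return "suspicious", "declared unpacked size exceeds budget"
        # Pass 2: unpack in bounded chunks in memory and enforce the same
        # budget on the bytes actually produced.
        for info in infos:
            with zf.open(info) as member:
                while True:
                    chunk = member.read(CHUNK)
                    if not chunk:
                        break
                    total += len(chunk)
                    if total > max_total:
                        return "suspicious", "unpacked data exceeded budget"
    return "ok", f"{total} bytes unpacked"


def make_zip(name, payload):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: one member of identical bytes versus ordinary text.
REPETITIVE = make_zip("zeros.bin", b"\0" * (512 * 1024))
ORDINARY = make_zip("notes.txt", b"".join(b"line %d of a log file\n" % i for i in range(2000)))

if __name__ == "__main__":
    print(check_archive(REPETITIVE))
    print(check_archive(ORDINARY))
```

A ratio threshold like this is also why a legitimate archive of very repetitive data can be flagged, as the post notes.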
Posted 04 March 2007 - 01:31 PM