Zip Bomb - what it is, classic signs, and how to avoid decompression traps

What it is

A zip bomb (decompression bomb) is a tiny-looking archive that explodes into an enormous amount of data when you try to open or scan it. The goal is to freeze or crash your app (or even your antivirus) by using up CPU, RAM, or disk space. Examples and details: https://gridinsoft.com/zip-bomb

Why it matters

One small .zip can stall your PC, lock up your file manager, or blind your security tools so other malware can slip by.

How it works

  • Extreme compression: repeats the same data so it expands to gigabytes/terabytes.

  • Nesting: zips inside zips inside zips to multiply the expansion.

  • Scan trap: makes AV and unpackers chew through endless data and time out.

Red flags

  • A very small .zip from an unknown sender or random website.

  • Archives that contain many nested folders or more .zip/.rar files inside.

  • Your unzip tool shows an enormous uncompressed size or freezes on open.

  • Antivirus logs mention a “decompression bomb” warning.

Do it right

  • Don’t open unexpected archives. If you must, scan first and use a sandbox or cloud viewer.

  • Set your unzip tool/AV to limit max file size and recursion depth.

  • Keep your antivirus and OS updated so they detect these traps.

  • Delete suspicious zips and empty the recycle bin to free space if you started extracting one.
