An Archive Bomb is one of those very stupid pieces of malware that almost no one has heard of. In the early days of virus development, everyone wanted to crash the network just to prove they could do it. This is reminiscent of the mindless vandalism of the the statue of the Madonna and the Christ child that some asshole did with a hammer years ago. It took Michaelangelo years to create it and it took the jerk seconds to destroy it.
Well malware creation has also moved into a very creative and profitable endeavor. Even when the motive isn’t profit you get more bragging rights with a good denial of service attack against SCO, false ads overlaying the real ones on Google and Koran verses replacing porn pictures.
On the other hand a well crafted network of bots or zombie porn servers delivering kiddie porn, spam or phishing are worth real money. So no one designs a non-profit arcbomb to shut down machines without a motive. Just think who would destroy an asset worth real money. If someone allowed you to steal their car, drive it as fast as you wanted and paid for the gas for life, you would never destroy it. Even if you stole a faster car, you would keep it around as a spare and leave it rust but never intentionally trash it.
That’s why destructive Trojans make no senses unless there is an issue of kiddie porn, national security or some other compelling reason. Hey, design the Trojan to take out the machine and when the person takes it to get repaired, they self incriminate.
The first encounter with this was when I heard it described in this kiddie porn trial. The video shut down, Chuck (Charles Stephano) took it in for repairs and bam, he got raided. When I started researching the topic, One machine shut down, and a second and third were half blind. The techie said signal out of range 74 KHz and that’s the signal I got three times. Needless to say, I never asked for help with repairs.
So when researching Trojans in general, I stumbled on an arcbomb or archive bomb. This is when an old compressed file is opened by your antivirus for inspection and BOING it explodes because it has been compressed and recompressed 18 to 20 times so a 7k file expands to fill the drive. Now in the old days this might have been a threat because drives were so small and I paid no attention to it. UNTIL, I was installing programs on my thumb drive that could be concealed and my antivirus got hung on an infinite loop and then froze.
I was about to throw the thumb drive out until, my resident geek suggested we take it apart. We sorted all text files and found one that filled the bulk of the drive. We tried to open it but everything froze. We took the cowards way out and deleted the text file. We then deleted all compressed files and now the drive is working. His comment – “I never believed all your crap till I saw that” – Thanks CE, but he also warned I should try to reside in the real world most of the time even when I’m living life on the technological edge because a lot of people might doubt it otherwise.