What the hell’s an Arc Bomb?

An Archive Bomb is one of those very stupid pieces of malware that almost no one has heard of. In the early days of virus development, everyone wanted to crash the network just to prove they could do it. This is reminiscent of the mindless vandalism of the statue of the Madonna and the Christ child that some asshole did with a hammer years ago. It took Michelangelo years to create it, and it took the jerk seconds to destroy it.

Well, malware creation has also become a very creative and profitable endeavor. Even when the motive isn't profit, you get more bragging rights with a good denial of service attack against SCO, false ads overlaying the real ones on Google, or Koran verses replacing porn pictures.

On the other hand, a well crafted network of bots or zombie porn servers delivering kiddie porn, spam or phishing is worth real money. So no one designs a non-profit arcbomb to shut down machines without a motive. Just think: who would destroy an asset worth real money? If someone allowed you to steal their car, drive it as fast as you wanted and paid for the gas for life, you would never destroy it. Even if you stole a faster car, you would keep it around as a spare and let it rust, but never intentionally trash it.

That's why destructive Trojans make no sense unless there is an issue of kiddie porn, national security or some other compelling reason. Hey, design the Trojan to take out the machine, and when the person takes it in to get repaired, they self-incriminate.

My first encounter with this was when I heard it described at this kiddie porn trial. The video shut down, Chuck (Charles Stephano) took it in for repairs, and bam, he got raided. When I started researching the topic, one machine shut down, and a second and third were half blind. The techie said "signal out of range 74 kHz", and that's the signal I got three times. Needless to say, I never asked for help with repairs.

So while researching Trojans in general, I stumbled on an arcbomb or archive bomb. This is a compressed file that your antivirus opens for inspection and BOING, it explodes: the archive has been compressed and recompressed 18 to 20 times, each layer holding copies of the layer below, so a 7k file on disk declares enough content to fill the drive. The scanner has to decompress the thing to see what is inside, and a scanner that never asks "how big is this going to get?" just keeps inflating until the disk or the memory runs out. Now in the old days this might have been a threat because drives were so small, and I paid no attention to it. UNTIL I was installing programs that could be concealed on my thumb drive, and my antivirus got hung in an infinite loop and then froze.

I was about to throw the thumb drive out until my resident geek suggested we take it apart. We sorted all the text files and found one that filled the bulk of the drive. We tried to open it, but everything froze. We took the coward's way out and deleted the text file. We then deleted all compressed files, and now the drive is working. His comment: "I never believed all your crap till I saw that." Thanks, CE, but he also warned that I should try to reside in the real world most of the time, even when I'm living life on the technological edge, because a lot of people might doubt it otherwise.
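The nesting trick described above, as an added example that is not part of the original post or its comments: the script builds a small zip-of-zips-of-zips in memory (a constructed sample, leaves of zero bytes), then runs an inspector over it that reads the declared sizes in the central directory, refuses any member compressed better than 100:1, caps the declared total and the nesting depth, and never inflates more than a fixed number of bytes just to peek inside a member. All the names (build_nested_bomb, declared_expansion, is_archive_bomb) and the thresholds are my own choices for the example, not anything from the post; the benign archive is likewise constructed here so the inspector has something to accept.

```python
import hashlib
import io
import zipfile

# Inspector limits. These are policy knobs, not magic numbers: set them to
# whatever your scanner is actually prepared to inflate.
MAX_RATIO = 100.0                      # any member compressed better than 100:1 is suspect
MAX_TOTAL_EXPANDED = 64 * 1024 * 1024  # refuse archives whose declared total passes 64 MiB
MAX_DEPTH = 2                          # deepest nesting level we are willing to open
PEEK_CAP = 256 * 1024                  # never inflate more than this to look inside a member

# Constructed text used by the benign sample archive below.
BENIGN_TEXT = b"Archive inspector smoke test\nsecond line\nthird line, nothing repeats\n"


class ArchiveBombSuspected(Exception):
    """Raised as soon as an archive crosses one of the limits above."""


def build_nested_bomb(inner_bytes=1024 * 1024, copies=4, layers=3):
    """Constructed sample: a zip of zips of zips whose leaves are runs of zero bytes.
    Every layer deflates extremely well, so a few KB on disk stand for
    copies ** layers * inner_bytes once fully unpacked."""
    blob = b"\x00" * inner_bytes
    stem = "zeros.bin"
    for depth in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
            for i in range(copies):
                zf.writestr(f"{i}_{stem}", blob)  # several copies of the layer below
        blob, stem = buf.getvalue(), f"layer{depth}.zip"
    return blob


def nominal_expansion(inner_bytes=1024 * 1024, copies=4, layers=3):
    """Bytes a full recursive extraction of build_nested_bomb() would write out."""
    return inner_bytes * copies ** layers


def build_benign_archive():
    """Constructed sample: one incompressible member (a SHA-256 chain) and a short text."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(1024))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("noise.bin", noise)
        zf.writestr("readme.txt", BENIGN_TEXT)
    return buf.getvalue()


def _bounded_read(zf, info, cap):
    """Inflate at most `cap` bytes of one member, then stop. The sizes in the central
    directory are attacker-controlled and not every unpacker enforces them, so we
    bound the real byte count ourselves instead of trusting info.file_size."""
    with zf.open(info) as fh:
        data = fh.read(cap + 1)
    if len(data) > cap:
        raise ArchiveBombSuspected(f"{info.filename}: inflates past {cap} bytes")
    return data


def declared_expansion(zip_bytes, depth=0):
    """Sum the declared uncompressed sizes (containers included), recursing into
    nested archives, and raise ArchiveBombSuspected before anything large is inflated."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > MAX_RATIO:
                raise ArchiveBombSuspected(f"{info.filename}: ratio {ratio:.0f}:1 at depth {depth}")
            total += info.file_size
            if total > MAX_TOTAL_EXPANDED:
                raise ArchiveBombSuspected(f"declared total passes {MAX_TOTAL_EXPANDED} at depth {depth}")
            # Only small members are opened at all, and only to see if they are archives.
            if info.file_size <= PEEK_CAP:
                data = _bounded_read(zf, info, PEEK_CAP)
                if data.startswith(b"PK\x03\x04"):  # local file header: a nested zip
                    if depth >= MAX_DEPTH:
                        raise ArchiveBombSuspected(f"{info.filename}: nested deeper than {MAX_DEPTH}")
                    total += declared_expansion(data, depth + 1)
                    if total > MAX_TOTAL_EXPANDED:
                        raise ArchiveBombSuspected(f"declared total passes {MAX_TOTAL_EXPANDED} at depth {depth}")
    return total


def is_archive_bomb(zip_bytes):
    """True if the inspector would refuse to unpack zip_bytes."""
    try:
        declared_expansion(zip_bytes)
    except ArchiveBombSuspected:
        return True
    return False


if __name__ == "__main__":
    bomb = build_nested_bomb()
    print(f"bomb: {len(bomb)} bytes on disk, {nominal_expansion()} bytes if fully unpacked")
    print("bomb rejected:", is_archive_bomb(bomb))
    print("benign rejected:", is_archive_bomb(build_benign_archive()))
```

The order of the checks is the point: ratio and declared total are read from the central directory for free, nesting is only followed for members small enough to peek at, and the peek itself is bounded, so the inspector never writes the zeros anywhere. A scanner that instead extracts first and measures afterwards is the one that freezes on the thumb drive.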

2 Responses to “What the hell’s an Arc Bomb?”

  1. Erhard Erdmann Says:

    Yeah, that's what an arcbomb is . . . sort of. Arc bombs still get used today to crash firewalls, PCs etc. An arcbomb is basically a very compressed form of data used to crash computers by overloading the memory. A file is not compressed 18 to 20 times however, because most compression techniques get pretty close to entropy after one round of compression, maybe two. The easier alternative is to use a file with an insane amount of redundancy: the number ten to the power hundred is called a googol; if you raise ten to the power of a googol, you obtain a number called a googolplex. When a googolplex is written as a normal ASCII text file it consumes around 10GB of disk space; compressed it's around 30KB. So when your PC/firewall etc. tries to decompress it to check content . . . well yeah, you get the picture.

  2. Erhard Erdmann Says:

    Actually, no . . I was wrong. A googolplex would take like a couple of billion years to compute/write to file/whatever. Ten to the power of like tens of billions computes to a 10 GB file; that's light years smaller than a googolplex.


