Email Bombs

Designed to overflow targets’ email boxes. Decompression bombs are specially developed files meant to be decompressed into much larger files with fake content. They consume much available space and use the disk space on the computer running the anti-virus scans. Decompression bombs are becoming an increasing digital risk.

The rapid spread of a recent Bagle variant serves as a case in point. It propagated by enticing recipients of infected emails to open an encrypted ZIP file and provide a password in the message body. The Bagle variant’s rapid spread further demonstrates that attempts to educate computer users about the perils of opening attachments have been somewhat futile. Though companies have regularly deployed anti-virus software scanners to remove executable attachments from sent and received emails, the bad news is that employees wishing to send executable attachments or large files have used ZIP files to bypass the scanners.

The good news for malware developers is that encryption scrambles the contents of the ZIP file, making it very hard for email virus scanners to locate the viral signatures as messages go through corporate email servers, thus making them fertile ground for a Denial of Service attack. In the future, Bagle-type variants could possibly use a decompression bomb to steal information or run harmful arbitrary code.

See Also: Anti-Virus Software; Electronic Mail or Email; Encryption or Encipher; Password; Scanner; Signature.