Decompression bombs materialise on the web as new threat looms
London, UK - 10 March 2004, 12:45 GMT - Decompression bombs are starting
to make the rounds in cyberspace and pose a rising digital risk. Decompression
bombs are specially crafted files designed to be decompressed into much larger
files with bogus content that consume the available space, effectively using
up all the disk space on the machine running the anti-virus scans. Data compression
often works by encoding repeated units of data - for example, a string like "aaaaaaaaaa"
could be represented as "a10". The vulnerability of this process
is that an attacker could send a file containing "a1000000000...",
which could result in a massive denial of service if any attempt is made to
put it through a decompression engine.
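A scanner-side check for the run-length case described above, as an added example that is not part of the original release. It assumes a simplified token format of one character followed by a decimal count (the "a10" notation); the function names and limits are hypothetical.

```python
import re

# Assumed token format for this sketch: one literal character followed by a
# decimal repeat count, e.g. "a10" -> "aaaaaaaaaa" (the notation used above).
TOKEN = re.compile(r"(\D)(\d+)")


class ExpansionLimitExceeded(Exception):
    """Raised when decoding would exceed the caller's output budget."""


def declared_size(encoded: str) -> int:
    """Sum the repeat counts without allocating any output."""
    pos, total = 0, 0
    while pos < len(encoded):
        m = TOKEN.match(encoded, pos)
        if m is None:
            raise ValueError(f"malformed token at offset {pos}")
        total += int(m.group(2))
        pos = m.end()
    return total


def safe_decode(encoded: str, max_output: int = 1 << 20, max_ratio: int = 100) -> str:
    """Decode only if the absolute size and the expansion ratio are both within budget."""
    size = declared_size(encoded)
    if size > max_output:
        raise ExpansionLimitExceeded(f"{size} bytes declared, limit {max_output}")
    if size > max_ratio * len(encoded):
        raise ExpansionLimitExceeded(
            f"ratio {size // len(encoded)}:1 exceeds {max_ratio}:1"
        )
    # Budget verified: expanding is now bounded by max_output.
    return "".join(ch * int(n) for ch, n in TOKEN.findall(encoded))


if __name__ == "__main__":
    print(safe_decode("a10"))            # small input decodes normally
    try:
        safe_decode("a1000000000")       # the bomb from the text is refused
    except ExpansionLimitExceeded as exc:
        print("rejected:", exc)
```

Real archive formats may not state their expanded size truthfully, so a production scanner applies the same budget to the bytes actually produced while streaming.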
[CONTINUES]
Full details of the February 2004 report are available as of 1st March 2004
and can be ordered from here.
If you are already a member of the Inner Sanctum you should have been emailed
a full copy. To retrieve the original article please fill out the order form.