Zip Bomb Download Prevention: Stopping Threats Before They Crash Your Systems

Learn how to prevent zip bomb downloads that crash security scanners. Discover behavioral AI detection methods that stop decompression attacks before they exhaust system resources.

Abnormal AI

January 5, 2026


It starts with a click. An employee downloads what looks like a routine invoice or project file in an email—and your security scanner crashes. That tiny attachment just expanded to petabytes, consuming every available system resource before detection could complete.

This is the zip bomb download. With 60% of breaches involving a human element, attackers craft convincing emails that prompt users to download malicious archives, weaponizing both human trust and the scanners meant to protect them.

What Is a Zip Bomb?

When a secure email gateway (SEG) attempts to scan what appears to be a harmless compressed file, it unknowingly triggers a resource exhaustion attack. A tiny attachment suddenly expands to massive proportions, consuming all available memory and CPU cycles before detection can complete. Your scanner crashes. Your gateway hangs. And the threat either slips through undetected or brings your email infrastructure to its knees.

For security teams protecting enterprise email environments, zip bomb downloads represent a fundamental challenge: how do you defend against an attack specifically engineered to exploit the defensive process itself? Understanding how these attacks work—and why traditional detection fails—is the first step toward building effective defenses.

Defending against zip bombs requires a layered security approach—different tools address different stages of the attack lifecycle, from email delivery to file extraction to system-level protection.

How Does a Zip Bomb Work?

Zip bombs are malicious archive files that attackers engineer to exhaust system resources during decompression. The attack exploits compression algorithms that achieve extreme ratios, packing massive amounts of repetitive data into tiny files that expand exponentially when opened.

The most infamous example is 42.zip: a 42-kilobyte file that expands to 4.5 petabytes when fully decompressed, yielding a compression ratio of approximately 107 billion to 1. When triggered, these attacks consume all available RAM, CPU cycles, and disk space before any security tool can complete its analysis.

Zip Bomb Variants

Recursive zip bombs use nested archive layers, with each layer multiplying the previous layer's expansion.

Non-recursive variants achieve similar results through overlapping file references within a single archive layer, presenting greater detection challenges because they bypass depth-checking security controls.

Zip of Death, Decompression Bomb, Archive Bomb, and Other Names for the Same Threat

Security professionals use multiple terms interchangeably for this attack type—zip file bomb, zip of death, decompression bomb, and archive bomb all describe the same threat. According to OWASP standards, practitioners commonly refer to these threats as "zip bombs" or "decompression bombs," with decompression bomb representing the more technically formal term encompassing all compression-based resource exhaustion attacks regardless of format.

Attack vectors span beyond ZIP files to include GZIP, BZIP2, and Brotli compression formats. Understanding this terminology overlap helps security professionals recognize that defensive controls must address the underlying technique rather than any single file format.

Why Traditional Scanners Can't Stop Zip Bombs

Traditional scanners face an inescapable architectural flaw: they must decompress files to scan them, which triggers the attack they're trying to prevent. Signature databases require decompressing files to pattern-match known malware, but decompression triggers resource exhaustion that crashes the scanner before detection completes.

Scanners cannot reliably predict decompressed file sizes without performing actual decompression, and resource commitment occurs before malicious determination is possible.

The attack sequence unfolds predictably:

  • Scanner receives compressed attachment

  • Scanner must decompress to inspect contents

  • Resource exhaustion occurs during decompression

  • Scanner crashes, hangs, or times out

  • Threat either passes through the gateway or creates a denial-of-service condition

Multiple vulnerabilities in modern security systems confirm this pattern, and attackers continue refining tactics to trick users into initiating a zip bomb download through convincing email lures. Threat actors now also exploit corrupted ZIP files and Office documents to bypass email filters, demonstrating continuous tactical adaptation.

Detecting Threats Before Extraction

Effective zip bomb detection analyzes behavioral signals and contextual patterns before any decompression occurs. This approach evaluates suspicious compressed attachments without triggering resource exhaustion.

Detection operates through multiple pre-decompression signals:

  • Sender reputation analysis examines the historical behavior and trustworthiness of email senders. A compressed attachment from an unknown sender with no prior communication history warrants greater scrutiny than one from an established business contact. Systems evaluate domain age, authentication records, and past sending patterns to assess risk before any file processing occurs.

  • Communication pattern analysis profiles typical email behavior within an organization. Frequency-based user modeling detects anomalous email behavior by profiling typical recipients and communication patterns. When an employee who never receives compressed files suddenly receives a ZIP attachment, or when attachments arrive outside normal business hours from unusual geographic locations, these deviations signal potential threats.

  • Contextual signal aggregation combines multiple weak indicators into stronger threat signals. File naming conventions, attachment sizes relative to claimed content, email urgency language, and recipient targeting patterns each provide information that, when analyzed collectively, identifies malicious intent before decompression becomes necessary.

Preventing malicious email delivery is not the same as inspecting archive contents—email security complements file inspection tools by stopping threats upstream, before extraction is ever attempted.

These signals reflect industry-wide indicators used across different security layers; email security platforms focus on sender, context, and delivery patterns rather than inspecting archive internals.

Practical Defenses Against Zip Bomb Downloads

Organizations prevent zip bomb attacks through layered technical controls combined with operational awareness practices. Resource limitation controls provide an important component of defense-in-depth strategies.

Email Delivery Prevention

Behavioral analysis at the email level identifies suspicious compressed attachments before they reach users or scanning infrastructure. Detection operates through sender reputation patterns, communication behavior profiling, and contextual signal aggregation that flags anomalous compressed file deliveries based on historical patterns and relationship context.

Email-layer prevention reduces exposure by stopping malicious delivery, while archive inspection, decompression limits, and resource controls are enforced by gateway, endpoint, and system-level technologies.

File Handling and Extraction Controls

Here are some helpful steps to take:

  • Implement multi-threshold compression ratio analysis at the gateway level, with separate thresholds for screening (1:100), alerting (1:10), and blocking (1:1000).

  • Configure timeout thresholds for archive processing tied to resource exhaustion monitoring.

  • Establish memory allocation caps for scanning processes.

  • Deploy host segregation architectures isolating decompression operations from production systems.
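The following Python script is an added example (not code from this post or from Abnormal) of the ratio and allocation limits listed above, and of the central-directory check that addresses the "cannot predict decompressed size" problem from the scanner section: it reads the ZIP central directory's declared sizes first, then stream-decompresses under a running byte budget so falsified headers are still caught, and recurses into nested .zip members with a depth limit. The 1:100 ratio, 50 MiB cap, and nesting limit of 2 are constructed policy values; the sample archives are built in memory and are not real attacker files.

```python
import io
import zipfile

# Policy limits (constructed for this example; tune to your own gateway)
MAX_TOTAL_UNCOMPRESSED = 50 * 1024 * 1024  # hard cap on bytes produced per archive tree
MAX_RATIO = 100                            # the 1:100 screening threshold from the post
MAX_NESTING = 2                            # refuse archives nested deeper than this
CHUNK = 64 * 1024

class ArchiveBombDetected(Exception):
    """Raised as soon as a limit is crossed, before resources are exhausted."""

def inspect_zip(data: bytes, depth: int = 0) -> dict:
    """Stage 1 checks central-directory claims without inflating anything; stage 2
    stream-decompresses under a running byte budget because headers can lie.
    Nested .zip members are inspected recursively (the recursive bomb variant)."""
    if depth > MAX_NESTING:
        raise ArchiveBombDetected(f"nesting depth {depth} exceeds {MAX_NESTING}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        declared = sum(i.file_size for i in infos)
        compressed = max(sum(i.compress_size for i in infos), 1)
        if declared > MAX_TOTAL_UNCOMPRESSED or declared > MAX_RATIO * compressed:
            raise ArchiveBombDetected(
                f"declares {declared} bytes from {compressed} ({declared // compressed}:1)")
        written = 0
        for info in infos:
            nested = bytearray() if info.filename.lower().endswith(".zip") else None
            with zf.open(info) as fh:
                while chunk := fh.read(CHUNK):
                    written += len(chunk)
                    if written > MAX_TOTAL_UNCOMPRESSED or written > MAX_RATIO * compressed:
                        raise ArchiveBombDetected(f"{written} bytes produced; aborting early")
                    if nested is not None:
                        nested += chunk
            if nested is not None:
                inspect_zip(bytes(nested), depth + 1)
        return {"members": len(infos), "uncompressed": written, "ratio": written // compressed}

def build_zip(payload: bytes, name: str = "invoice.txt") -> bytes:
    """Build a sample archive in memory (constructed test data, not a real attacker file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples: invoice text, a ~1000:1 single-layer bomb, and that bomb wrapped in an outer layer whose own ratio looks harmless (~1:1)
BENIGN = build_zip("".join(f"line {i}: qty {i % 7 + 1} total {i * 3.5:.2f}\n" for i in range(200)).encode())
BOMB = build_zip(b"\0" * (20 * 1024 * 1024))
NESTED_BOMB = build_zip(BOMB, "inner.zip")
```

The single-layer sample is rejected at stage 1 from its declared sizes alone, while the nested sample passes the outer check and is rejected only when the inner archive is inspected, which is why depth-limited recursion is part of the control.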

Endpoint and System Safeguards

User awareness remains essential. Security teams should ensure employees understand the risks of unexpected compressed attachments, particularly from unfamiliar senders or with unusual file characteristics.

How Behavioral AI Protects Against Zip Bombs

Behavioral AI eliminates the fundamental limitation traditional signature-based detection faces by analyzing patterns before decompression occurs. This includes sender behavior patterns and email metadata anomalies.

For email security, this shift eliminates the need to decompress files during threat detection by identifying risk through behavioral and contextual signals instead. A compressed attachment from a first-time sender, delivered outside normal business hours, targeting recipients who don't typically receive such files triggers investigation based on behavioral signals before any file processing occurs.

Anomaly-based detection offers advantages for novel threats like zip bombs that lack existing signatures, demonstrating superior adaptability compared to signature-based methods for zero-day threats.

For security teams facing the scanner evasion problem, detection approaches that operate without full decompression represent a necessary architectural shift: protection that doesn't depend on winning an unwinnable technical race against attackers who designed their weapons specifically to exploit that race.

Behavioral email security reduces upstream risk by preventing malicious delivery, while file inspection tools and endpoint controls handle threats that reach later stages. Abnormal's behavioral AI approach exemplifies this email-focused defense by analyzing sender behavior and communication context to prevent malicious delivery before any file extraction or decompression is attempted. To learn how Abnormal helps close the email delivery gap, schedule a demo.
