In the digital world, size can be deceiving. The image New Files (205).jpg refers to one of the most infamous files in cybersecurity history: the “Zip Bomb,” specifically one known as 42.zip.

What is a Zip Bomb? On your computer, a ZIP file is like a suitcase where you fold your clothes to make them smaller. When you open it, the computer unfolds them. A Zip Bomb is a suitcase that looks small, but when you open it, it explodes with enough “clothes” to fill a stadium.

The Math of 42.zip The file 42.zip is a masterpiece of malicious compression. On your hard drive, it sits harmlessly, taking up only 42 kilobytes (about the size of a small Word document). However, it utilizes a technique called “recursive compression.” Inside the zip file are 16 other zip files. Inside each of those are 16 more. This goes down 5 levels. At the bottom layer, there are millions of files consisting of repeating zeros.

When a computer or antivirus program tries to “unzip” or scan this file to check for viruses, it triggers a chain reaction. The data expands exponentially. The final uncompressed size of 42.zip is approximately 4.5 Petabytes.

How Big is 4.5 Petabytes? To put that in perspective:

1 Petabyte is 1,000 Terabytes.

The entire internet archive was estimated at around 10 to 20 Petabytes a few years ago.

4.5 Petabytes is roughly equivalent to 900,000 DVDs.

Why Does It Exist? Zip bombs aren’t usually designed to steal your data; they are designed to distract or crash systems. Hackers often send them to corporate servers or antivirus engines. The antivirus software tries to scan the file, gets overwhelmed by the endless data, and consumes all the system’s memory (RAM) and processing power. The computer freezes or crashes (a Denial of Service), potentially allowing other real viruses to sneak past while the guard is down.