Decompression Quines and Anti-Viruses.

Data compression is ubiquitous to any information and communication system. It often reduces resources required to store and transmit data. However, the efficiency of compression algorithms also makes them an obvious target for hackers to mount denial-of-service attacks. In this work, we consider decompression quines, a specific class of compressed files that decompress to themselves. We analyze all the known decompression quines by studying their structures, and their impact on anti-viruses. Our analysis reveals that most of the anti-viruses do not have a suitable architecture in place to detect decompression quines. Even worse, some of them are vulnerable to denial-of-service attacks exploiting quines. Motivated by our findings, we study several quine detectors and propose a new one that exploits the fact that quines and non-quine files do not share the same underlying structure. Our evaluation against different datasets shows that the detector incurs no performance overhead at the expense of a low false positive rate.