Not necessarily. Most traditional signature-based AVs scan compressed files only to a certain depth (often 3–5 recursion levels) to avoid “decompression bombs” themselves. Newer detect ratio anomalies—if a 10MB zip claims to output 1TB, they flag it. But attackers now split bombs into chunked archives or use encryption to bypass heuristic scans until the user supplies a password (often provided on a download page).
The concept of Zip bombs dates back to the early 2000s, when malicious individuals began experimenting with creating massive archive files designed to cause chaos on unsuspecting systems. Since then, Zip bombs have evolved to become more sophisticated, with larger and more complex archive files being created. 500 terabyte zip bomb download