A zip bomb is just a zip file that contains very well compressed stuff, and typically contains more zip files. Getting a 1000-to-1 compression ratio (that is, a 1 megabyte ZIP file expands into 1000 megabytes of files) is doable, and would be a good first step in building a zip bomb. Do this a few times, put a few copies of the resulting ZIP file into a ZIP file, maybe ZIP that up, and so on. If you were to extract the ZIP file, the RAM and/or disk usage would be shockingly high.
There is a well known zip bomb named 42.zip, known for being about 42 kilobytes, and decompressing into terabytes of data when all its layers are fully unpacked. There is also a proof of concept zip file that contains 2 files: a picture, and then *itself*, resulting in an infinite ZIP unpacking process.
There is software, most notably antivirus, that will unpack ZIP files automatically. Zip bombs were originally designed to wreak havoc on these programs. They have since been modified to recognize a probable zip bomb and deal with it, probably by detecting it as a type of virus by itself.
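The layered construction the answer above describes, and the checks an unpacker can run so that it is not the victim, as an added example (this is not code from the original post or from any antivirus product). It builds a small nested bomb in memory with the standard library, then refuses it using only the sizes declared in each archive's central directory, and separately caps the bytes actually inflated, because a hostile archive can also lie in its headers. The threshold constants (MAX_DEPTH, MAX_RATIO, MAX_TOTAL, MAX_NESTED_ZIP) and all function names are assumptions for this illustration, not any tool's real policy.

```python
import io
import zipfile

# Added example (not code from the original post). Builds a small nested zip
# bomb in memory, then shows the two checks an unpacker needs: refuse based on
# the sizes *declared* in the central directory before inflating anything, and
# cap the bytes *actually* inflated in case those declared sizes are forged.
# The MAX_* thresholds are assumed policy values, not a standard.

MAX_DEPTH = 2                       # archives nested inside archives
MAX_RATIO = 100                     # declared size : compressed size, per entry
MAX_TOTAL = 100 * 1024 * 1024       # total declared output, all layers, bytes
MAX_NESTED_ZIP = 8 * 1024 * 1024    # largest nested archive we will read to scan
CHUNK = 64 * 1024


class ZipBombSuspected(Exception):
    pass


def make_layer(payload: bytes, copies: int, suffix: str) -> bytes:
    """Write `copies` identical copies of `payload` into one deflated archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED, compresslevel=9) as zf:
        for i in range(copies):
            zf.writestr(f"f{i}{suffix}", payload)
    return buf.getvalue()


def build_bomb(inner_size: int = 1_000_000, copies: int = 10, depth: int = 3) -> bytes:
    """Layer 0: `copies` files of zeros. Each further layer: `copies` copies of
    the previous archive. Fully unpacked that is copies**depth * inner_size
    bytes (1 GB with the defaults) from an archive of a few tens of KB."""
    data = make_layer(b"\0" * inner_size, copies, ".bin")
    for _ in range(depth - 1):
        data = make_layer(data, copies, ".zip")
    return data


def inflate_entry(zf: zipfile.ZipFile, info: zipfile.ZipInfo,
                  budget: int, keep: bool = False) -> tuple[bytes, int]:
    """Inflate one entry in chunks, aborting once more than `budget` bytes have
    come out. This check does not trust the header's file_size at all."""
    out, n = bytearray(), 0
    with zf.open(info) as f:
        while chunk := f.read(CHUNK):
            n += len(chunk)
            if n > budget:
                raise ZipBombSuspected(f"{info.filename}: inflated past {budget} bytes")
            if keep:
                out += chunk
    return bytes(out), n


def declared_output(data: bytes, depth: int = 0) -> int:
    """Sum the declared uncompressed sizes over every layer, reading only the
    central directory plus the bytes of nested .zip entries (which are small,
    or the bomb would not be small). Raises as soon as a limit is crossed, so
    a bomb is rejected without inflating a single payload file."""
    if depth > MAX_DEPTH:
        raise ZipBombSuspected(f"nested deeper than {MAX_DEPTH} levels")
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ZipBombSuspected(
                    f"{info.filename}: {info.file_size}:{info.compress_size} exceeds {MAX_RATIO}:1")
            total += info.file_size
            if info.filename.lower().endswith(".zip"):
                nested, _ = inflate_entry(zf, info, MAX_NESTED_ZIP, keep=True)
                total += declared_output(nested, depth + 1)
            if total > MAX_TOTAL:
                raise ZipBombSuspected(f"declared output exceeds {MAX_TOTAL} bytes")
    return total


def inflate_bounded(data: bytes, budget: int) -> int:
    """Inflate every top-level entry, discarding the data, and abort the moment
    the running total passes `budget`. Returns the number of bytes produced."""
    written = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            _, n = inflate_entry(zf, info, budget - written)
            written += n
    return written


def check(data: bytes, inflate_budget: int = MAX_TOTAL) -> str:
    """Return "ok" if both checks pass, otherwise the reason the archive was refused."""
    try:
        declared_output(data)
        inflate_bounded(data, inflate_budget)
    except ZipBombSuspected as e:
        return str(e)
    except zipfile.BadZipFile as e:
        return f"not a valid zip: {e}"
    return "ok"


if __name__ == "__main__":
    # Constructed inputs: a harmless archive and the bomb built above.
    benign = make_layer(bytes(range(256)) * 4, 3, ".txt")
    bomb = build_bomb()
    print(len(bomb), "byte bomb ->", check(bomb))
    print(len(benign), "byte archive ->", check(benign))
```

The metadata walk is cheap because a bomb's inner archives are necessarily tiny (that is the whole trick), so opening them to read their central directories costs kilobytes, not gigabytes; the bomb is refused at the first 1 MB entry that declares a 1000:1 ratio. The second check matters because declared sizes are just bytes an attacker wrote: an extractor that trusts `file_size` to pre-allocate or to decide "this is small enough" can still be made to write far more, so the real budget has to be enforced on the inflated stream itself.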