A logic bomb is a piece of malicious code purposely inserted into software that executes when a specific set of conditions is met. An example would be one that starts deleting files from, say, a salary database should the company fire its creator.
Many malware variants contain logic bombs that execute specific payloads at predefined times or when certain conditions are met. The tactic allows the malware to spread before it gets noticed. Some are set to go off on a specific date, like April Fools’ Day, attacking the systems they were dropped on, and so are often called “time bombs.”
All logic bombs have unwanted and unknown payloads. The following sections answer some questions you might have about them.
How Does a Logic Bomb Work?
Disgruntled UBS PaineWebber employee Roger Duronio was sentenced to eight years in prison and ordered to pay US$3 million in damages in December 2006 for planting a logic bomb in the company’s network in 2002. The bomb deleted critical files from 1,000 computers. Having invested US$23,000 in option contracts, Duronio hoped the incident would cause UBS stock prices to drop so that he would earn money. Unfortunately for him, the company’s stock prices were not affected.
What Are Some Infamous Logic Bomb Attack Examples?
We have seen organizations succumb to logic bomb attacks over the years, including:
- Siemens: Contract programmer David Tinley pleaded guilty to charges of intentional damage to protected computers in July 2019 after sabotaging Siemens’s software in the hope of being rehired to fix it. Tinley’s logic bomb caused the programs used to manage the company’s order system to malfunction after a specific date. Siemens asked Tinley to resolve the issue and even paid him US$42,000. Once caught, Tinley was handed a six-month federal prison sentence and ordered to pay a US$7,500 fine. After that, he needed to spend another two years under court-ordered supervision.
- Korean Broadcasting System (KBS) and others: The logic bomb had a predetermined date and time of execution. It began erasing data from infected systems on 20 March 2013 at precisely 2:00 P.M. (GMT +9). It wiped the hard drives and master boot records (MBRs) of affected Windows computers at at least three banks and two media companies. As a result, some of the banks’ ATMs ceased to operate. It also deleted data from connected Linux machines.
Are Logic Bomb Attacks Preventable?
The quick answer is yes. How? These best practices might help:
- Use robust and up-to-date antimalware. Solutions that routinely scan for malicious code on computers can sniff out a logic bomb.
- Use firewalls along with antimalware. These will scan all traffic and may prevent a logic bomb from entering your network.
- Do not download and install pirated software. Most of these applications are malware carriers.
- If you want to use freeware, download only from a reputable source. Like pirated software, freeware sometimes also hides malicious code.
- Keep your operating system (OS) up to date so it stays protected from vulnerabilities.
- Never click suspicious links or download email attachments, especially if you don’t know who sent them.
- If you run a company, protect all your computers individually. Train your staff, too, and let them know they are critical to its cybersecurity.
- Back up critical business data regularly. That way, you can restore systems to their original state in case you succumb to a logic bomb attack.
What Are the Characteristics of a Logic Bomb Virus?
A logic bomb virus is different from other types of malware. Below are some of its standout characteristics.
- Logic bombs need triggers. They are triggered by predetermined conditions, such as a specific date and the deletion of a particular file.
- Logic bombs can go undetected for long periods. They can sit on an organization’s system for years with no or minimal activity. The Siemens case mentioned above is an example of a logic bomb going undetected for years. It took two years for the company to detect that a logic bomb was causing the problem.
- The logic bomb’s payload is only known when it’s triggered. There’s no way of knowing what the malware is designed to accomplish until it gets executed.
What Is the Difference between a Time Bomb and a Logic Bomb?
Time bombs use a time or date as a detonation trigger. On the other hand, logic bombs can use any type of trigger, including a time and a date. In essence, time bombs are a type of logic bomb.
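The date trigger described above can be looked for during code review. The following is an added example, not part of the original page: a Python heuristic that flags `if` statements comparing the current clock to a hard-coded literal and raises the severity when the guarded block calls a file-destroying function. The call lists, the function name `find_time_triggers` and the sample source are assumptions made for illustration.

```python
import ast

# Calls that read the current time, and calls that destroy data.
# Both sets are illustrative assumptions, not an exhaustive list.
CLOCK_CALLS = {"now", "today", "utcnow", "time"}
DESTRUCTIVE_CALLS = {"remove", "unlink", "rmtree", "rmdir", "truncate"}

def _call_names(node):
    """Names of every function or method called anywhere under node."""
    names = set()
    for n in ast.walk(node):
        if isinstance(n, ast.Call):
            f = n.func
            names.add(f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", ""))
    return names

def _has_literal(node):
    """True if the expression contains a numeric or string constant."""
    return any(isinstance(n, ast.Constant) and isinstance(n.value, (int, float, str))
               for n in ast.walk(node))

def find_time_triggers(source):
    """Return (line, severity) for each `if` comparing the clock to a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        for cmp_node in (n for n in ast.walk(node.test) if isinstance(n, ast.Compare)):
            if _call_names(cmp_node) & CLOCK_CALLS and _has_literal(cmp_node):
                body = ast.Module(body=node.body, type_ignores=[])
                destructive = _call_names(body) & DESTRUCTIVE_CALLS
                findings.append((node.lineno, "high" if destructive else "review"))
                break
    return sorted(findings)

# Constructed sample for illustration only; names and dates are made up.
SAMPLE = '''
import datetime, os, time
def nightly_job(path):
    if datetime.date.today() > datetime.date(2030, 1, 1):
        os.remove(path)
    if time.time() - start > timeout:
        log("slow run")
    if datetime.date.today() >= datetime.date(2031, 6, 1):
        show_license_notice()
'''

if __name__ == "__main__":
    for line, severity in find_time_triggers(SAMPLE):
        print(f"line {line}: hard-coded time trigger ({severity})")
```

The ordinary timeout check in the sample is not flagged because it compares the clock to variables rather than to a literal; a trigger that uses a non-time condition, or a date loaded from configuration, is outside what this heuristic sees.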
While logic bombs are hard to detect, cybersecurity best practices like those mentioned above may be able to help.
- A logic bomb is simply a type of malware that has specific triggers.
- An unlimited number of conditions can trigger a logic bomb, including a time and an action.
- Logic bombs and their payloads can go undetected for years.
- Using updated antimalware is one way to prevent logic bombs from affecting your computer.
- Free software from the Internet may serve logic bombs, so it’s best to only download from reputable sources.
- Pirated and cracked software can also contain logic bombs.
- People caught planting logic bombs can be imprisoned and ordered to pay thousands of dollars in penalties.