A logic bomb is a piece of malicious code purposely inserted into software that executes when a specific set of conditions is met. An example would be one that starts deleting files from, say, a salary database should the company fire its creator.
Many malware variants contain logic bombs that execute specific payloads at predefined times or when certain conditions are met. The tactic allows the malware to spread before it gets noticed. Some are set to go off on a specific date, such as April Fools’ Day, attacking the systems they’re dropped on, and so are often called “time bombs.”
All logic bombs have unwanted and unknown payloads. The following sections answer some questions you might have about them.
How Does a Logic Bomb Work?
Disgruntled UBS PaineWebber employee Roger Duronio was sentenced to eight years in prison and ordered to pay US$3 million in damages in December 2006 for planting a logic bomb in the company’s network in 2002. The bomb deleted critical files from 1,000 computers. Duronio had invested US$23,000 in option contracts and hoped the incident would cause UBS stock prices to drop. That way, he would earn money should his hopes pan out. Unfortunately for him, the company’s stock prices were not affected.
Infamous Logic Bomb Examples
We have seen organizations succumb to logic bomb attacks over the years, including:
- Siemens: Contract programmer David Tinley pleaded guilty to charges of intentional damage to protected computers in July 2019 after sabotaging Siemens’ software, hoping to get rehired to fix it. Tinley’s logic bomb caused the programs used to manage the company’s order system to malfunction after a specific date. Siemens asked Tinley to resolve the issue and even paid him US$42,000. Once caught, Tinley was handed a six-month federal prison sentence and ordered to pay a US$7,500 fine. After that, he needs to spend another two years under court-ordered supervision.
- Korean Broadcasting System (KBS) and others: The logic bomb had a predetermined date and time of execution. It began erasing data from infected systems on 20 March 2013 at precisely 2:00 P.M. (GMT +9). It wiped the hard drives and master boot records (MBRs) of affected Windows computers of at least three banks and two media companies. As a result, some of the banks’ ATMs ceased to operate. It also deleted data from connected Linux machines.
Are Logic Bomb Attacks Preventable?
The quick answer is yes. How? These best practices might help:
- Use robust, up-to-date antimalware. Solutions that routinely scan for malicious code on computers can sniff out a logic bomb.
- Use firewalls along with antimalware. These will scan all traffic and may prevent a logic bomb from entering your network.
- Do not download and install pirated software. Most of these applications are malware carriers.
- If you want to use freeware, download only from a reputable source. Like pirated software, freeware sometimes also hides malicious code.
- Keep your operating system (OS) up to date so it stays protected from vulnerabilities.
- Never click suspicious links or download email attachments, especially if you don’t know who sent them.
- If you run a company, protect all your computers individually. Train your staff, too, and let them know they are critical to its cybersecurity.
- Back up critical business data regularly. That way, you can restore systems to their original state in case you succumb to a logic bomb attack.
While logic bombs are hard to detect, cybersecurity best practices like those mentioned above may be able to help.
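To make "scanning for malicious code" concrete for the date-triggered cases above, here is an added example (not from the original article or any product it alludes to) of a source-review heuristic that flags delete calls guarded by a clock check. The function names, the two name sets and the sample source are assumptions constructed for illustration.

```python
import ast

# Assumed heuristics (not from the article): call names that read the clock
# and call names that delete data. Tune both for the code base under review.
CLOCK_CALLS = {"today", "now", "utcnow", "time", "localtime"}
DESTRUCTIVE_CALLS = {"remove", "unlink", "rmtree", "rmdir", "truncate"}

def _call_names(node):
    """Yield (line, trailing name) for every call under node (os.remove -> 'remove')."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            func = sub.func
            if isinstance(func, ast.Attribute):
                yield sub.lineno, func.attr
            elif isinstance(func, ast.Name):
                yield sub.lineno, func.id

def find_time_gated_deletes(source):
    """Return (if_line, call_line, call_name) for deletes guarded by a clock test."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        reads_clock = any(name in CLOCK_CALLS for _, name in _call_names(node.test))
        if not reads_clock:
            continue
        for stmt in node.body + node.orelse:
            for line, name in _call_names(stmt):
                if name in DESTRUCTIVE_CALLS:
                    findings.append((node.lineno, line, name))
    return findings

# Constructed sample for review; it is only parsed, never executed.
SAMPLE = '''\
import datetime, os, shutil

def rotate_logs(path):
    if os.path.getsize(path) > 10_000_000:
        os.remove(path)            # size-based cleanup: not flagged

def nightly_job(data_dir):
    if datetime.date.today() >= datetime.date(2031, 4, 1):
        shutil.rmtree(data_dir)    # clock-gated delete: flagged
'''

if __name__ == "__main__":
    for if_line, call_line, name in find_time_gated_deletes(SAMPLE):
        print(f"line {if_line}: clock test guards {name}() at line {call_line}")
```

Hits are leads for code review, not verdicts: legitimate retention jobs also delete on a schedule, and a trigger hidden behind indirection will not match these names.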