What is a Logic Bomb?


A logic bomb is malware that is triggered in response to an event, such as an application being launched or a specific date/time being reached. Attackers can use logic bombs in a variety of ways. They can embed arbitrary code within a fake application, or Trojan horse, which is executed whenever you launch the fraudulent software. Attackers can also use a combination of spyware and logic bombs in an attempt to steal your identity.

For example, cyber-criminals use spyware to covertly install a keylogger on your computer. The keylogger can capture your keystrokes, such as usernames and passwords. The logic bomb is designed to wait until you visit a website that requires you to log in with your credentials, such as a banking site or social network. Visiting such a site triggers the logic bomb, which executes the keylogger to capture your credentials and send them to a remote attacker.

Time Bomb

When a logic bomb is programmed to execute when a specific date is reached, it is referred to as a time bomb. Time bombs are usually programmed to go off when important dates are reached, such as Christmas or Valentine’s Day. Disgruntled employees have created time bombs to execute within their organizations’ networks and destroy as much data as possible in the event that they are terminated. The malicious code remains dormant as long as the programmer exists in the organization’s payroll system. However, once the programmer is removed, the malware is executed.

Prevention

Logic bombs are difficult to prevent because they can be deployed from almost anywhere. An attacker can plant the logic bomb via a variety of means on multiple platforms, such as hiding the malicious code in a script or deploying it on a SQL server.

For organizations, segregation of duties might offer protection against logic bombs. When employees are restricted to specific tasks, a potential attacker would have to expose themselves to deploy the logic bomb, which may deter them from carrying out the attack.

Most organizations implement a business continuity and disaster recovery plan that includes processes such as data backups and recovery. If a logic bomb attack were to purge critical data, the organization can enforce the disaster recovery plan and follow the necessary steps to recover from the attack.
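The patterns described above (a date check or a payroll lookup guarding a data-destroying statement, hidden in a script or a SQL job) can also be looked for during code review. The following Python scanner is an added example, not part of the original article; its regular expressions, file names, and sample snippets are constructed assumptions and a heuristic, not a complete rule set.

```python
import re

# Heuristic patterns: assumptions for this example, not an exhaustive rule set.
TRIGGERS = {
    "date/time check": re.compile(
        r"\b(?:GETDATE|CURRENT_DATE|SYSDATE)\b|\bdate\s+\+%|datetime\.(?:now|today)", re.I),
    "account/payroll lookup": re.compile(
        r"\bNOT\s+EXISTS\b.*\b(?:payroll|employees?|users?)\b|\bgetent\s+passwd\b", re.I | re.S),
}
DESTRUCTIVE = re.compile(
    r"\b(?:DROP\s+(?:TABLE|DATABASE)|TRUNCATE\s+TABLE|DELETE\s+FROM|rm\s+-\w*[rf]\w*|shred|mkfs)\b", re.I)
CONDITIONAL = re.compile(r"\b(?:IF|WHEN|WHILE|CASE)\b", re.I)

def scan(name, text, window=5):
    """Flag destructive statements guarded by a date or account-status condition
    found on the same line or within `window` lines above it."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        if not DESTRUCTIVE.search(line):
            continue
        context = "\n".join(lines[max(0, i - window): i + 1])
        if not CONDITIONAL.search(context):
            continue  # unconditional maintenance statement, not a trigger pattern
        for label, pattern in TRIGGERS.items():
            if pattern.search(context):
                findings.append((name, i + 1, label, line.strip()))
    return findings

# Constructed sample inputs (inert text that is only scanned, never executed).
SAMPLE_SQL = """\
-- nightly maintenance job
IF NOT EXISTS (SELECT 1 FROM payroll WHERE emp_id = 1001)
BEGIN
    DELETE FROM orders;
END
"""
SAMPLE_SH = """\
#!/bin/sh
if [ "$(date +%m%d)" = "1225" ]; then
    rm -rf /srv/archive
fi
"""
SAMPLE_BENIGN = "-- purge old rows\nDELETE FROM audit_log WHERE created < '2020-01-01';\n"

if __name__ == "__main__":
    for n, t in (("job.sql", SAMPLE_SQL), ("cleanup.sh", SAMPLE_SH), ("purge.sql", SAMPLE_BENIGN)):
        print(n, scan(n, t))
```

Treat each hit as a prompt for manual review by someone other than the code's author; legitimate conditional cleanup jobs can match too.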

To protect your personal systems, I recommend you take these steps:

Do Not Download Pirated Software

Logic bombs can be distributed by exploits that promote software piracy.

Be Careful with Installing Shareware/Freeware Applications

Ensure you acquire these applications from a reputable source. Logic bombs can be embedded within Trojan horses. Therefore, beware of fake software products.

Be Cautious When Opening Email Attachments

Email attachments may contain malware such as logic bombs. Use extreme caution when handling emails and attachments.

Do Not Click on Suspicious Web Links

Clicking on an unsafe link may direct you to an infected website that may host the logic bomb malware.

Always Update Your Antivirus Software

Most antivirus applications can detect malware such as Trojan horses (which may contain logic bombs). Configure your antivirus software to routinely check for updates. If your antivirus software does not contain the latest signature files, it will be rendered useless against new malware threats.

Install the Latest Operating System Patches

Not keeping up with operating system updates will make your PC vulnerable to the latest malware threats. Use the Automatic Updates feature in Windows to automatically download and install Microsoft security updates.

Apply Patches to Other Software Installed on Your Computer

Ensure that you have the latest patches installed on all of your software applications, such as Microsoft Office software, Adobe products, and Java.

These vendors often release software patches for their products to fix vulnerabilities that cyber-criminals can use as a means to deploy an attack, such as a logic bomb.

Logic bombs can be damaging to your organization and personal systems. By having a plan in place along with updated security tools and procedures, you can mitigate this threat. In addition, proper planning will protect you from other high-risk threats.