What Is a Logic Bomb?


Summary

  • Logic bombs are embedded in software and activate upon meeting specific conditions, making them hard to detect.
  • Insiders typically create logic bombs to target specific entities, and they can be hidden within other malware.
  • Detecting and preventing logic bombs requires code audits to keep malicious code out of software, and monitoring software behavior for abnormalities.

You’re probably familiar with the famous types of malware such as viruses, trojans, and worms. However, logic bombs are less well-known, probably because the average person is unlikely to be the victim of one. So, what are they?

What Is a Logic Bomb?

Logic bombs are actually extremely simple in concept. A logic bomb is malicious code embedded in otherwise unremarkable software. The code waits until a specific condition has been met, then the bomb goes off, delivering its payload.

Logic bombs are particularly insidious because until the pre-programmed conditions are met, they simply do nothing. In the case of a virus, for example, the malware is trying to spread itself and will behave in ways that seem suspicious to antivirus software. Also, since logic bombs are usually created to hit a specific target, you can’t rely on the equivalent of a virus signature.

How Logic Bombs Work and Are Triggered


A programmer creates a logic bomb to sit and wait for very specific conditions to happen. This can be when a certain date and time is reached, when you delete a specific file, or when a specific user logs on to a workstation. One of the factors that make this form of malware so hard to deal with is that it is so specific.

Logic bombs are most often created by insiders who have a specific grudge or goal with regard to a particular target. That target can be a person, a company, or anything that the creator of the bomb chooses to define.

It’s also important to know that logic bombs can be the payload of other types of malware. So a virus or trojan could infect a system, place a logic bomb, and then delete itself.

Famous Examples of Logic Bomb Attacks

There have been a few examples of successful logic bombs in history. One of the most recent as of this writing was the discovery in 2023 that Newag trains were programmed to break down if the GPS reported that they were being serviced at a competitor’s workshop. In 2013, a logic bomb wiped the hard drives of three South Korean banks and two media companies at the exact same time.

There have been some attempted logic bomb attacks that were thwarted in time. In 2008, for example, the American mortgage company Fannie Mae discovered a logic bomb planted by an IT contractor. Had it gone off, all the company’s servers would have been wiped clean.

How To Detect and Prevent Logic Bombs


Logic bombs are hard to detect, and preventing them is perhaps even harder. There’s no magic software you can load to protect against them, and there are only a few ways to try to catch them before they trigger.

Code audits are crucial to ensure no malicious code makes it into software. This is particularly important if you or your company write your own software, and many people have access to the source code. As I mentioned above in the examples, it’s not uncommon for a disgruntled programmer or other former employee to plant a logic bomb, which then goes off long after they’re gone. It may also be too late to link the logic bomb to that individual in some cases.

Monitoring for abnormal software behavior is another way to detect a logic bomb, but again, this is tough because some logic bomb payloads wouldn’t trigger any immediate alarms.


Prevention is the most important way to avoid the damage that logic bombs can cause. This usually means screening who has access to a program’s code, as well as all the usual cybersecurity staples, such as training people not to download random software from the internet.


