What is a logic bomb?



A logic bomb may sound like a nugget of truth you drop on your friends to demonstrate your intelligence, but in computing, it’s a cybersecurity attack. Not only can logic bombs wipe your precious data, but they may bring your operations to a halt. And just like real bombs, these threats can hit your organization when you least expect them.

What is a logic bomb in simple words?

A logic bomb is a set of instructions in a program carrying a malicious payload that can attack an operating system, program, or network. It only goes off after certain conditions are met. A simple example of these conditions is a specific date or time. A more complex example is when an organization fires an employee and logs their dismissal in their system.

A logic bomb usually carries a computer virus or a computer worm. Even though some people use the two terms interchangeably, they're not the same type of malware. Let's understand the worm vs virus debate better:

  • A computer virus is a malicious program that spreads by infecting files and corrupting or deleting data. Computer viruses are handy components of logic bombs that can be designed by disgruntled employees looking for revenge.
  • A computer worm is similar to a computer virus but can be more sophisticated. Unlike a virus, a worm doesn’t need human action to propagate once inside a network. Additionally, a worm can drop more threatening malware like ransomware, rootkits, and spyware.

What makes logic bombs dangerous?

The secretive nature of logic bombs can make them dangerous. Not only do they lie asleep like a volcano waiting to erupt, but their payloads are an unknown threat. Targets of these attacks can be caught by complete surprise. Additionally, catching the threat actor behind the attack isn’t a straightforward task because evidence can be destroyed during the finishing stage of a logic bomb. Moreover, attackers can use the extra time to cover their tracks.

Examples of logic bombs

Although logic bombs are a common attack vector for disgruntled employees, state-sponsored agents can also use them. One of the most frequently told examples of a logic bomb incident occurred in 1982 and is known as the Trans-Siberian Pipeline incident. The story of this incident had the makings of a spy movie, from the KGB and the CIA to secret documents and international intrigue. Interestingly, it may have sounded like a spy novel because some of the story could have been a hoax. If you search the web for information on this incident, you'll find various versions of the story.

Additional examples of logic bombs include:

2000: A securities trader and programmer at Deutsche Morgan Grenfell was indicted before a grand jury. Thankfully, his logic bomb from 1996 was discovered before it was set to go off in 2000.

2003: A logic bomb from a Unix administrator at Medco Health Solutions didn't go off because of a programming error. When its author tried again, another administrator discovered and disabled it. The culprit was sentenced to prison and fined $81,200.

2006: A system administrator for Swiss multinational investment bank UBS Group AG executed a logic bomb to damage its network and depreciate its stock. He was sentenced to over eight years in prison and fined over $3 million.

2008: An IT contractor's logic bomb was set to wipe all 4000 of mortgage giant Fannie Mae's servers but was stopped in time. The contractor was sentenced to 41 months in prison.

2013: A logic bomb against South Korea wiped data at multiple banks and media companies.

2019: A Siemens Corporation contract employee was caught after planting logic bombs in the programs he designed. His goal was to get more work from the company to repair the damage.

Was Stuxnet a logic bomb?

Stuxnet was a highly sophisticated cyberweapon. It had multiple components like a rootkit that helped it evade detection. You might argue that Stuxnet had a logic bomb component because it waited for a particular set of criteria to be met before sabotaging fast-spinning centrifuges by manipulating their frequency and rotational speed.

How to stop logic bomb virus and malware attacks

To protect your devices and data from logic bomb attacks, you need to follow some cybersecurity basics. Start by downloading intelligent antivirus and anti-malware software that uses artificial intelligence (AI) to stop a malicious payload with unknown signatures. Update your software regularly to close vulnerabilities and shield your network. And invest in regular backups to recover from disaster.

But stopping logic bombs can be more complex if the danger is internal. To stop such threats, you may need to harden your hiring practices, enhance your security checks, and use legal means to monitor staff and contractors. A good Endpoint Detection and Response tool can also block attack vectors, prevent malicious downloads, and offer malware remediation driven from the cloud.
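For the internal case, one review aid is a static check over administrative shell scripts that flags destructive commands hidden behind the trigger conditions described earlier (a date or time check, or a check on whether an account still exists). The sketch below is an added example, not code from this article or any product; the function name, patterns, and sample script are hypothetical and constructed for illustration, and the check is a heuristic for plain `if` blocks only.

```python
import re

# Trigger conditions the article names: a date/time check, or a check on
# whether an account still exists (the dismissed-employee case).
TRIGGERS = {
    "date/time": re.compile(r"\bdate\s+[+-]|\$\(\s*date\b|`date\b"),
    "account": re.compile(r"\b(id|getent\s+passwd)\s+\S+|/etc/passwd"),
}
# Destructive commands that deserve review when they sit behind a trigger.
DESTRUCTIVE = re.compile(
    r"\brm\s+-\w*[rf]\w*\b|\bshred\b|\bmkfs(\.\w+)?\b|\bdd\b.*\bof=/dev/",
    re.IGNORECASE,
)

def review_script(text):
    """Return (line_no, trigger_kind, command) for every destructive command
    nested inside an if-block whose condition looks like a trigger."""
    findings, stack = [], []  # one entry per open `if`: trigger kind or None
    for no, raw in enumerate(text.splitlines(), 1):
        for stmt in raw.split("#", 1)[0].split(";"):  # drop comments, split statements
            stmt = re.sub(r"^\s*(then|else|do)\b", "", stmt).strip()
            if re.match(r"(if|elif)\b", stmt):
                kind = next((k for k, rx in TRIGGERS.items() if rx.search(stmt)), None)
                if stmt.startswith("elif") and stack:
                    stack.pop()
                stack.append(kind)
            elif re.match(r"fi\b", stmt):
                if stack:
                    stack.pop()
            elif DESTRUCTIVE.search(stmt):
                active = [k for k in stack if k]
                if active:  # unconditional cleanup is not reported
                    findings.append((no, active[-1], stmt))
    return findings

# Constructed sample script (paths and account name are placeholders).
SAMPLE = """#!/bin/sh
rm -rf /tmp/build-cache
if [ "$(date +%Y%m%d)" -ge 20300101 ]; then
    rm -rf /srv/example-data
fi
if ! id jdoe >/dev/null 2>&1; then
    shred -u /srv/example-data/ledger.db
fi
"""

if __name__ == "__main__":
    for line_no, kind, cmd in review_script(SAMPLE):
        print(f"line {line_no}: {kind} trigger guards: {cmd}")
```

Findings are leads for human review of scheduled jobs and maintenance scripts, not verdicts; legitimate log rotation can also combine a date check with deletion.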