What is a logic bomb and how to safeguard against logic bomb attacks?

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code (such as a salary database trigger) that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fools’ Day. Trojans and other computer viruses that activate on certain dates are often called “time bombs”.

A logic bomb is also called slag code: programming code added to the software of an application or operating system that lies dormant until a predetermined period of time (i.e., a period of latency) has passed or an event occurs, triggering the code into action. Logic bombs typically are malicious in intent, acting in the same way as a virus or Trojan horse once activated. In fact, viruses that are set to be released at a certain time are considered logic bombs. They can perform such actions as reformatting a hard drive and/or deleting, altering or corrupting data.

To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs.

A logic bomb is malware that is triggered in response to an event, such as launching an application or reaching a specific date/time. Attackers can use logic bombs in a variety of ways. They can embed arbitrary code within a fake application, or Trojan horse, which will be executed whenever you launch the fraudulent software.

Attackers can also use a combination of spyware and logic bombs in an attempt to steal your identity. For example, cyber-criminals use spyware to covertly install a keylogger on your computer. The keylogger can capture your keystrokes, such as usernames and passwords. The logic bomb is designed to wait until you visit a website that requires you to log in with your credentials, such as a banking site or social network. Consequently, this will trigger the logic bomb to execute the keylogger and capture your credentials and send them to a remote attacker.

A logic bomb, sometimes referred to as slag code, is a string of malicious code used to cause harm to a network when the programmed conditions are met. The term comes from the idea that a logic bomb “explodes” when it is triggered by a specific event. Events could include a certain date or time, a particular record being deleted from a system or the launching of an infected software application.

The level of destruction caused by a logic bomb can vary greatly and the set of conditions able to set one off is unlimited. Common malicious actions that logic bombs are able to commit include data corruption, file deletion or hard drive clearing.

Unlike other forms of malware that break into a secure system, logic bomb attacks tend to be cyber-sabotage from a person within an organization who has access to sensitive data. One way that employees might exact revenge on a company if they believe they might be fired is to create a logic bomb that they defuse each day, and that they alone are capable of putting off. That way, once they are no longer with the organization, the attack can begin, either instantly or after a pre-determined time period.

What does the Logic Bomb mean?

A logic bomb is a malicious program timed to cause harm at a certain point in time but is inactive up until that point. A set trigger, such as a preprogrammed date and time, activates a logic bomb. Once activated, a logic bomb executes malicious code that causes harm to a computer. A logic bomb’s trigger conditions may also include other variables, such that the bomb is launched after a specific number of database entries. However, computer security experts believe that certain gaps of action may launch a logic bomb as well and that these types of logic bombs may actually cause the greatest harm. A logic bomb may be implemented by someone trying to sabotage a database when they are fairly certain they won’t be present to experience the effects, such as full database deletion. In these instances, logic bombs are programmed to exact revenge or sabotage work.

A logic bomb is also known as a slag code or malicious logic.

Logic bombs are normally used for malicious purposes, but they can also be used as a timer to prohibit a consumer from using certain software past a trial basis. In this case, unless the consumer ends up purchasing the software at the end of the free trial, a trial bomb will deactivate the program. If the vendor wants to be particularly nasty, it can program the trial bomb so that it takes other data along with it, not just the program data.

Logic bombs can be extremely damaging should they initiate cyber wars, something that concerns former White House counterterrorism expert, Richard Clarke. Clarke details his concerns about cyberwar in his book titled “Cyber War: The Next Threat to National Security and What To Do About It.” In the book, Clarke suggests that the U.S. is very vulnerable to this type of attack because its infrastructure is more dependent on computer networks than other modern countries. Clarke cautions that attackers could detonate logic bombs and all but shut down urban America’s transit and banking systems. In October 2009, the Pentagon apparently heeded Clarke’s warning when it developed the U.S. Cyber Command. As reassuring as this may be, civilian IT professionals have neglected to enlist cyberwar defense technologies to any great extent.

How logic bombs work

Logic bombs are secretly inserted into a computer network through the use of malicious code. The code can be inserted into the computer’s existing software or into other forms of malware such as viruses, worms or Trojan horses. It then lies dormant, and typically undetectable, until the trigger occurs.

Triggers can be categorized as positive or negative. Logic bombs with positive triggers go off after a condition is met, such as the date of a major company event. Negative triggers initiate a logic bomb when a condition is not met, such as an employee failing to enter the defuse code by a certain time. Either way, when the conditions become true, the logic bomb will go off and inflict its programmed damage.

Why a Logic Bomb is Used

A logic bomb can be used by a disgruntled employee or other IT personnel who know how to program a logic bomb to threaten network security. Other than targeting a specific computer or network system, a logic bomb can also be used to demand money for software by adding code that turns the software application into a trial version. After a specific period of time, the user must pay a specified sum of money to continue to use the software.

Logic bombs can also be used for blackmail: if the demand is not met, the logic bomb will detonate in a computer system or network to destroy data and perform other malicious acts that are included in the command codes.

Logic bombs are fairly easy to create if you have a lot of knowledge in computer programming and they do not replicate like other malicious programs. For this reason, logic bombs are usually targeted to specific victims and will not spread to unintended victims.

How to Detect a Logic Bomb

A logic bomb can be rather difficult to detect. However, you can take security measures such as constantly monitoring the network system for any suspicious activity and using antivirus applications and other scanning programs that can detect any new activity in the data on a network system. The scanning systems should also monitor the entire network and the individual computers connected to the network.
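One way to apply that kind of scanning to scripts and SQL during code review, as an added example that is not part of the original article: the sketch below flags destructive statements that sit a few lines after a positive trigger (a date/time check) or a negative trigger (a missing account or check-in). The patterns, the `last_checkin` name and the sample inputs are constructed assumptions.

```python
import re

# Heuristic review rules; the patterns are illustrative assumptions, not a complete set.
POSITIVE = "date/time condition (positive trigger)"
NEGATIVE = "missing account or check-in (negative trigger)"
TRIGGERS = {
    POSITIVE: re.compile(
        r"datetime\.(?:now|today)\(|date\.today\(|GETDATE\(\)|CURRENT_DATE|SYSDATE|\$\(date\b", re.I),
    NEGATIVE: re.compile(r"getpwnam|\bid\s+-u\b|NOT\s+EXISTS|last_checkin", re.I),
}
DESTRUCTIVE = re.compile(
    r"\brm\s+-[a-z]*r[a-z]*f|shutil\.rmtree|os\.remove|\bDROP\s+(?:TABLE|DATABASE)"
    r"|\bDELETE\s+FROM|\bTRUNCATE\s+TABLE|\bmkfs\b", re.I)

def scan(name, text, window=5):
    """Flag destructive statements that sit within `window` lines after a trigger condition."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        if not DESTRUCTIVE.search(line):
            continue
        context = lines[max(0, i - window): i + 1]
        for label, pattern in TRIGGERS.items():
            if any(pattern.search(c) for c in context):
                findings.append((name, i + 1, label, line.strip()))
    return findings

# Constructed review inputs (not taken from any real system).
SAMPLE_SQL = """\
CREATE TRIGGER payroll_audit ON payroll AFTER INSERT AS
IF NOT EXISTS (SELECT 1 FROM employees WHERE login = 'jdoe')
BEGIN
    DELETE FROM payroll;
END
"""
SAMPLE_SH = """\
#!/bin/sh
if [ "$(date +%F)" = "2031-04-01" ]; then
    rm -rf /srv/data
fi
"""
SAMPLE_ROUTINE = """\
#!/bin/sh
# plain cleanup with no condition attached
rm -rf /tmp/build-cache
"""

if __name__ == "__main__":
    for name, text in [("payroll.sql", SAMPLE_SQL), ("nightly.sh", SAMPLE_SH),
                       ("cleanup.sh", SAMPLE_ROUTINE)]:
        for finding in scan(name, text):
            print("%s:%d: %s -> %s" % finding)
```

Findings are leads for a human reviewer, not verdicts: legitimate retention jobs also combine dates with deletion, so each hit should be checked against an approved change record.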

How to safeguard against logic bomb attacks

While business continuity and disaster recovery (BCDR) plans should include how to handle a logic bomb after it executes, cybersecurity best practices can be followed to prevent them in the first place. This includes:

  • Periodically scan all files, including compressed files.
  • Maintain updated antivirus software.
  • Ensure that all users activate features like auto-protect and email screening.
  • Protect all computers within a network individually.
  • Provide a clear safe use policy to all employees and have them acknowledge their part in maintaining the safety and integrity of any data they have access to.

Prevention

Logic bombs are difficult to prevent because they can be deployed from almost anywhere. An attacker can plant the logic bomb via a variety of means on multiple platforms, such as hiding the malicious code in a script or deploying it on a SQL server.

For organizations, segregation of duties might offer protection against logic bombs. When employees are restricted to specific tasks, a potential attacker would be exposed when attempting to deploy a logic bomb, which may deter them from carrying out the attack.

Most organizations implement a business continuity and disaster recovery plan that includes processes such as data backups and recovery. If a logic bomb attack were to purge critical data, the organization can enforce the disaster recovery plan and follow the necessary steps to recover from the attack.

To protect your personal systems, follow these steps:

  • Do not download pirated software. Logic bombs can be distributed by exploits that promote software piracy.
  • Be careful with installing shareware/freeware applications. Ensure you acquire these applications from a reputable source. Logic bombs can be embedded within Trojan horses. Therefore, beware of fake software products.
  • Be cautious when opening email attachments. Email attachments may contain malware such as logic bombs. Use extreme caution when handling emails and attachments.
  • Do not click on suspicious web links. Clicking on an unsafe link may direct you to an infected website that may host the logic bomb malware.
  • Always update your antivirus software. Most antivirus applications can detect malware such as Trojan horses (which may contain logic bombs). Configure your antivirus software to routinely check for updates. If your antivirus software does not contain the latest signature files, it will be rendered useless against new malware threats.
  • Install the latest operating system patches. Not keeping up with operating system updates will make your PC vulnerable to the latest malware threats. Use the Automatic Updates feature in Windows to automatically download and install Microsoft security updates.
  • Apply patches to other software installed on your computer. Ensure that you have the latest patches installed on all of your software applications, such as Microsoft Office software, Adobe products, and Java. These vendors often release software patches for their products to fix vulnerabilities that can be used by cyber-criminals as means to deploy an attack, such as logic bombs.

Logic bombs can be damaging to your organization and personal systems. By having a plan in place along with updated security tools and procedures, you can mitigate this threat. In addition, proper planning will protect you from other high-risk threats.