
What is a Logic Bomb?

  • Writer: Rolando Ramos
  • 3 days ago

Threat Type: Logic Bomb


Threat Category: Malware-Based Threat


Cyber Threat Indicators


A logic bomb is malicious code intentionally inserted into a software system that remains dormant until a specific set of conditions is met. Once triggered, it executes a malicious action, known as the payload.


It's a form of digital sabotage, often considered a type of malware, and is particularly dangerous due to its stealthy nature.


Core Characteristics


Logic bombs are defined by the following key features:


Dormancy: The malicious code lies inactive and undetected within a system, often for months or even years, blending in with legitimate software. This makes logic bombs difficult to find with standard security scanning tools until the moment of detonation.


Trigger Mechanism (Logical Condition): They require a specific, pre-defined event or condition to be satisfied before they activate. This condition can be a specific date, a time, or a complex system state.


Payload: This is the harmful action the code performs when triggered. The payload is typically destructive and undisclosed to the user.


Insertion Method: They are usually inserted by an insider threat (like a disgruntled employee, contractor, or system administrator with high-level access) or are included as a component within other malware (like a virus or worm).


No Self-Propagation: Unlike a computer virus or worm, a logic bomb generally does not replicate or spread to other systems on its own; it waits in the specific location where it was planted.


Common Examples and Tactics


Time-Based Triggers (Time Bombs): The bomb activates on a specific date and/or time (e.g., "Delete all files on December 31st at midnight"). This is a simple but highly effective type of logic bomb.


Event-Driven Triggers: The bomb activates when a specific event occurs within the system or network. Examples include:


  • An employee's user account being deleted from the payroll system (a common tactic by disgruntled former employees).

  • A specific file being accessed a certain number of times.

  • A certain system process failing or a predefined network condition being met.


Condition-Based Triggers: Activation hinges on a set of highly specific system states (e.g., if a certain file is missing AND a specific application is running).


Negative Triggers: The bomb activates when a condition is not met (e.g., if a "deactivation code" is not entered by a specific date).
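A code-review heuristic for the trigger types above, added here as an example and not taken from the original article: it flags conditionals that test the clock or an account's existence and guard a destructive command. The regex patterns, the five-line window and the sample script are assumptions constructed for illustration.

```python
import re

# Heuristic patterns chosen for this example; not a complete rule set.
CONDITIONAL = re.compile(r"^\s*(if|elif|while)\b")
BLOCK_END = re.compile(r"^\s*(fi|done)\b")
TRIGGERS = {
    "time": re.compile(r"\$\(date\b|`date\b|datetime\.(now|today)\(|date\.today\("),
    "account": re.compile(r"/etc/passwd|\bgetent\s+passwd\b"),
}
DESTRUCTIVE = re.compile(
    r"\brm\s+-[a-zA-Z]*[rf]|\bshred\b|\bmkfs\b|\bdd\s.*\bof=/dev/"
    r"|\bDROP\s+(TABLE|DATABASE)\b|shutil\.rmtree",
    re.IGNORECASE,
)
WINDOW = 5  # lines after the conditional that are treated as guarded by it

# Constructed sample: a maintenance script submitted for review.
SAMPLE = """\
#!/bin/sh
tar czf /backup/logs-$(date +%F).tgz /var/log/app
if [ "$(date +%m%d)" = "1231" ]; then
    rm -rf /srv/data
fi
if ! getent passwd jdoe >/dev/null; then
    echo cleanup
    shred -u /srv/payroll/ledger.db
fi
"""


def scan(text):
    """Return (condition_line, trigger_kind, payload_line) tuples for every
    conditional that tests a trigger-like value and guards a destructive
    command. Results are leads for human review, not verdicts."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        if not CONDITIONAL.search(line):
            continue
        kinds = [k for k, rx in TRIGGERS.items() if rx.search(line)]
        for j in range(i, min(i + 1 + WINDOW, len(lines))):
            if BLOCK_END.search(lines[j]):
                break  # the guarded block has closed
            if DESTRUCTIVE.search(lines[j]):
                findings.extend((i + 1, k, j + 1) for k in kinds)
                break
    return findings
```

Calling `scan(SAMPLE)` reports the date-gated and account-gated deletions but not the `tar` line, where the date is only a filename component. Legitimate scheduled cleanup jobs will also match, so each hit needs a reviewer to confirm who added the condition and why.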


Historical Examples and Tactics


Disgruntled Insider Attack (UBS PaineWebber, 2002): A former system administrator, unhappy with his bonus, planted a logic bomb set to wipe out over 2,000 corporate servers. The logic bomb was triggered after he had left the company.


Extortion/Repeat Business (Siemens Contractor): A contract employee inserted logic bombs into custom spreadsheet software. The bombs were set to periodically cause malfunctions, requiring the company to continuously hire him back at a fee to "fix" the problem he secretly caused.


Large-Scale Sabotage (South Korea Banking Attack, 2013): A coordinated attack used malware containing a logic bomb that simultaneously wiped the hard drives and master boot records of multiple banks and media companies on a specific date, causing massive disruption.


---


VIIEGO the human security agency for human security research and consulting in identity manipulation and fraud prevention to decode human behavior and secure your identity.


www.viiego.com | Protect What's Yours.
