A logic bomb is a piece of code, or a program, which lies dormant within a system until a specific event triggers it, kind of like a ‘sleeper agent’.
Logic Bomb Triggers
There are probably an infinite number of triggers for a logic bomb that you could think of but some of the more common ones would be –
- The host system reaches a certain pre-programmed date or time
- A specific message is sent by the programmer or, alternatively, is not received by a certain time
- A trigger point is added or removed from a website that the logic bomb is regularly checking
- A file that is being monitored increases or decreases in size
- A specific user is added or deleted from a system or database
The Purpose Of Logic Bombs
Logic bombs are deployed for a variety of reason some of which are more ‘legitimate’ than others.
For example, a software vendor could code a logic bomb into a piece of software.
This would then allow them to distribute that software as a free trial with a paid upgrade version.
If the user doesn’t pay the upgrade within the required time frame then the logic bomb could delete all the files, restrict usage of the product, or otherwise render the piece of software unusable.
More nefarious usage of logic bombs include deleting files.
For example, an employee could set one up to delete his employer’s databases should he not be able to enter a code at certain intervals, thereby ensuring he extracts a level of revenge should he ever get fired.
Another use of logic bombs is in the deployment of viruses and worms.
For example, it was widely believed that the recently infamous Confiker worm contained a logic bomb that was designed to activate or change the worms purpose on April the 1st this year.