
Logic Bomb

Malicious code that is triggered by a specific event or condition, often causing harm or disruption

Skill Paths: Malware Analysis, Digital Forensics, Incident Response, Security Fundamentals
Job Paths: Malware Analyst, Digital Forensics Examiner, Incident Responder, Security Analyst
Relevant Certifications: GIAC GREM, SANS FOR508, CEH, CompTIA Security+

What is a Logic Bomb?

A logic bomb is a piece of malicious code that is intentionally inserted into a software system and set to execute when certain conditions are met, such as a specific date, the deletion of a user account, or the launch of a particular program. Logic bombs are often used to cause harm, disrupt operations, or delete data.

How Logic Bombs Work

Trigger Mechanisms

  • Date/time – Executes on a specific date or time
  • User action – Triggered by a particular user activity
  • System event – Activated by system changes or failures
  • File modification – Runs when a file is changed or deleted

Common Payloads

  • Data deletion – Erases files or databases
  • System corruption – Damages operating systems or applications
  • Disabling security – Turns off security controls
  • Launching other malware – Triggers additional attacks

Detection and Prevention

  • Code review – Regularly review source code for suspicious logic
  • Behavioral monitoring – Watch for unusual system activity
  • Access controls – Limit permissions to critical systems
  • Separation of duties – Prevent single-user sabotage
  • Incident response – Prepare for insider threats
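As an added example, not code from the original page: a small code-review helper that flags the trigger/payload pairing described above (a destructive call guarded by a date/time condition) in Python source, using only the standard library. The watch lists and the sample input are constructed for this illustration.

```python
import ast

# Reviewer's watch list of destructive calls (assumption; extend per code base)
DESTRUCTIVE_CALLS = {"os.remove", "os.unlink", "shutil.rmtree", "os.system"}
# Identifiers that suggest a date/time trigger when they appear in a condition
TIME_NAMES = {"datetime", "date", "time", "today", "now", "strftime"}

def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def _mentions_time(test):
    """True if the guarding condition references a date/time identifier."""
    for sub in ast.walk(test):
        if isinstance(sub, ast.Name) and sub.id in TIME_NAMES:
            return True
        if isinstance(sub, ast.Attribute) and sub.attr in TIME_NAMES:
            return True
    return False

def find_time_gated_destruction(source):
    """Return (line, call) pairs for destructive calls inside time-gated ifs."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.If) and _mentions_time(node.test):
            for inner in ast.walk(node):
                if isinstance(inner, ast.Call):
                    name = _dotted_name(inner.func)
                    if name in DESTRUCTIVE_CALLS:
                        findings.append((inner.lineno, name))
    return findings

# Constructed sample: a size-gated cleanup (benign) and a date-gated deletion
# that a reviewer should examine; both functions are made up for this example.
SAMPLE = '''\
import datetime, shutil, os
def rotate_logs(path):
    if datetime.date.today().day == 1:
        shutil.rmtree(path)
def cleanup_tmp(tmp):
    if os.path.getsize(tmp) > 1_000_000:
        os.remove(tmp)
'''
```

This is a heuristic to focus review effort: on the constructed sample it reports the date-gated deletion and ignores the size-gated one, but a reviewer still has to read the flagged branch to decide whether the condition is legitimate.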

Famous Examples

  • Tim Lloyd (Omega Engineering, 1996) – Logic bomb deleted critical files, causing $10 million in damages
  • Sony BMG (2005) – Rootkit logic bomb disabled CD copying

Best Practices

  • Enforce least privilege – Limit user access
  • Monitor for changes – Track modifications to critical systems
  • Conduct regular audits – Review code and system activity
  • Educate employees – Raise awareness of insider threats
  • Implement incident response plans – Prepare for logic bomb incidents

Quick Facts

  • Severity Level – 8/10
  • Goal – Cause harm or disruption when triggered
  • Trigger – Specific event, date, or condition
  • Detection – Code review, behavioral monitoring
  • Common targets – Corporate networks, critical systems