Avast Academy Security Malware What Is a Logic Bomb? How to Prevent Logic Bomb Attacks

What Is a Logic Bomb? How to Prevent Logic Bomb Attacks

Logic bombs are subtle, sophisticated cybersecurity attacks — but the damage can be explosive. This article will define logic bombs, explain how they work, and explore famous logic bomb attacks. We’ll also show you how to protect yourself against all kinds of malicious cyber attacks with powerful software security tools like Avast One.

Editors' choice
Top Rated
Written by Deepan Ghimiray
Published on April 22, 2021

What is a logic bomb?

A logic bomb is a malicious piece of code that’s secretly inserted into a computer network, operating system, or software application. It lies dormant until a specific condition occurs. When this condition is met, the logic bomb is triggered — devastating a system by corrupting data, deleting files, or clearing hard drives.

Hamburguer menu icon

This Article Contains :

    Is a logic bomb malware?

    Logic bombs are small bits of code contained in other programs. Although they might be malicious, they’re not technically malware — it’s a fine line. Common types of malware include viruses and worms, which can contain logic bombs as part of their attack strategy. A logic bomb virus would then be a virus that has a logic bomb in its code.

    Unlike viruses and worms, which can infect a system on their own, a logic bomb is often inserted by someone with inside knowledge of the system — such as when a disgruntled employee embeds a logic bomb in their company’s network. And since they’re activated by a specific condition, logic bombs can go undetected for long periods of time, until they’re triggered by the coded condition.

    How does a logic bomb work?

    The conditions that trigger a logic bomb can be categorized as positive or negative. Logic bombs with positive triggers detonate after a condition is met, such as when you open a particular file. Negative triggers launch a logic bomb when a condition is not met, such as when the bomb isn’t deactivated in time.

    Either way, when the desired conditions are achieved, the program’s system of logic will order the logic bomb to go off and inflict its damage.

    Logic bombs can be triggered simply by opening a particular file.A logic bomb can be triggered simply by opening a file on your computer.

    Logic bomb attacks can be devastating. There are instances (read more below) of how logic bombs have wiped the servers of major financial institutions and other organizations. Anything that can disrupt the servers of a large company or institution has the power to cause serious havoc to the organization itself and the general population it serves. 

    Considering the potential consequences of such a threat, it’s critical to protect yourself against logic bombs and other malware threats.

    What are the characteristics of a logic bomb virus?

    The defining characteristics of a logic bomb are:

    • It lies dormant for a specific amount of time. Like a ticking time bomb, logic bombs aren’t meant to go off right away. That’s why people attacking from within a targeted system often use logic bombs — so they can cover their tracks. Logic bombs are subtle and can go undetected for years.

    • Its payload is unknown until it triggers. A payload is the component of malware that carries out the malicious activity — basically, what sort of damage the malware is coded to inflict. The payload can result in anything from the spread of spam emails through an infected system or the theft of valuable data.

    • It’s triggered by a certain condition. The detonator of the logic bomb is the condition that must be met. It’s this feature that lets logic code bombs go undetected for long periods of time. The trigger could be the deletion of an employee from the company payroll, or the date of an important event. Logic bombs with triggers related to dates or specific times are also known as time bombs.

    As malware continues to grow more sophisticated, it’s essential to keep a strong line of defense. Detect logic bombs and other malware threats automatically with Avast One. It uses intelligent threat-detection and real-time protection to stop malware threats in their tracks.

    Are there uses for a logic bomb that are not malicious?

    It’s unlikely that logic bombs would not be malicious. Part of the defining characteristics of logic bombs is their destructive nature. If they aren’t malicious, they usually aren’t considered logic bombs.

    To help illustrate logic bombs, let’s look at an example we see online all the time of a non-malicious logic bomb-like code: trial versions of programs that offer some level of access for a specified period of time. This is called trialware.

    Similar to logic bombs, trialware uses a logical condition (access for a certain number of days), but the payload is known (it’s a trial version of the software) and not malicious. Although it has similar characteristics, trialware lacks the maliciousness inherent in logic bombs.

    Logic bomb vs. time bomb attacks

    Time bombs are a type of logic bomb that are triggered by a certain time or date. To illuminate the comparison, here are some famous examples of logic bombs and time bombs:

    Logic bomb examples

    An incident in 1982, during the Cold War between the US and the Soviet Union, is considered the original logic bomb attack. The CIA was supposedly informed that a KGB operative had stolen the plans for an advanced control system along with its software from a Canadian company, to be used on a Siberian pipeline. The CIA apparently had a logic bomb coded in the system to sabotage the enemy.

    Since then, like after the birth of the computer virus itself, logic bomb attacks have become frequent in real life as well as in movies and television.

    Another famous logic bomb example took place inside the Siemens Corporation. A contract employee named David Tinley provided software to one of Siemens’s offices. Working for Siemens for nearly a decade, he was a trusted asset to the company, providing spreadsheet software to manage equipment. But at some point, Tinley planted a logic bomb in one of the spreadsheets.

    Every time the coded logical condition was met, the software would “malfunction” and Tinley would be called in to “fix” it. Tinley’s scheme lasted for two years. The logic bomb was eventually discovered when Tinley was out of town and gave the password to the software to Siemens’ IT team during another crash.

    Another name for a logic bomb is slag code. Logic bombs are also sometimes referred to as code bombs and cyber bombs.

    Time bomb examples

    A famous example of a computer time bomb is a 2006 incident at the investment banking company UBS. The time bomb was orchestrated by Roger Duronio, a systems administrator for the UBS Group AG. Duronio was apparently unhappy with his bonus, and so he plotted his revenge by setting up a time bomb malware attack. He sought to wipe out the company’s servers, leaving traders unable to trade.

    The time bomb went off on a date specified by Duronio, knocking out 2,000 servers at 400 office branches. But his master plan to decrease the stock value of UBS did not succeed. Duronio was sentenced to 8 years in prison. And he had to pay $3.1 million to UBS.

    A time bomb is a type of logic bomb that's set to go off at a particular preset time or date.A time bomb is a type of logic bomb that detonates at a certain time or date.

    Another famous time bomb example happened in 1998: the CIH virus, otherwise known as Chernobyl. Its trigger time was April 26, the date of the infamous Chernobyl nuclear disaster.

    Many consider the CIH virus the most destructive malware attack of its time. It was among the first malware attacks to damage hardware as well as the usual software. CIH eviscerated all information on system hard drives and damaged the BIOS on some motherboards.

    Whether for profiteering, revenge, or just plain havoc — logic bombs are tricky and do serious damage. The Behavior Shield in Avast One monitors all your apps for any suspicious behavior — one symptom of malware or other potentially dangerous activity. Protect yourself from the full spectrum of threats lurking out there with Avast One.

    Ways to prevent logic bomb attacks

    Logic bombs are sneaky and can cause serious damage. But if you take the necessary steps, you can easily evade them along with other malware threats. Employ these prevention strategies to keep you and your devices safe:

    1. Use trusted antivirus software

    Removing malware from your computer is no fun. With quality antivirus software, you won’t need to worry about malware infections. Reliable anti-malware software will stop malware before it infects your device — while constantly updating to adapt to the latest threats. It’s the most proactive step you can take to ensure a safer online experience.

    2. Don’t download anything you don’t know or trust

    Just like buying a car or making any other big decision, use your best judgment when downloading antivirus software or documents online. Be wary of pirated software or disreputable freeware, or software that governments do not trust. Use only the best antivirus programs from the most trusted security companies.

    Hackers intent on causing harm are experts at exploiting vulnerabilities. Stay away from suspicious links or email attachments. Learn to perform website safety checks. If something seems odd to you, it probably is.

    3. Perform regular OS updates

    Logic bombs, ransomware, spyware — there’s a whole arsenal of malware out there. And these threats constantly exploit new vulnerabilities on operating systems. Thankfully, developers update their software to combat these threats. It’s essential that you regularly update your OS to take advantage of these upgrades. That’s one of the simplest ways to keep your device safe.

    Protect your devices from logic bomb attacks with Avast

    Logic bombs, time bombs, and other malware threats aren’t going anywhere. But that shouldn’t stop you from living your best digital life. Avast One offers real-time protection and intelligent threat-detection to block all sorts of viruses, malware, spyware, ransomware, and phishing threats. 

    Avast One’s built-in Behavior Shield feature will watch your apps with laser focus for any signs of suspicious activity. And the Cyber Capture feature will automatically send suspicious files for analysis, and help all Avast users if it’s a threat. Plus, it’s totally free! Defuse logic bombs and other threats before they explode with world-class cybersecurity from Avast.

    Get Avast One for iPhone to help block hackers and malware


    Get Avast One for Android to help block hackers and malware

    Deepan Ghimiray