
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger), should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Many viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs.
Also called slag code, a logic bomb is programming code added to the software of an application or operating system that lies dormant until a predetermined period of time (i.e., a period of latency) has passed or an event occurs, triggering the code into action. Logic bombs typically are malicious in intent, acting in the same ways as a virus or Trojan horse once activated. In fact, viruses that are set to be released at a certain time are considered logic bombs. They can perform such actions as reformatting a hard drive and/or deleting, altering or corrupting data. Some logic bombs can be detected and eliminated before they execute through a periodic scan of all computer files, including compressed files, with an up-to-date anti-virus program. For best results, the auto-protect and e-mail screening functions of the anti-virus program should be activated by the computer user whenever the machine is online. In a network, each computer should be individually protected, in addition to whatever protection is provided by the network administrator. Unfortunately, even this precaution does not guarantee 100-percent system immunity.

The most common activator for a logic bomb is a date. The logic bomb checks the system date and does nothing until a pre-programmed date and time is reached. At that point, the logic bomb activates and executes its code. A logic bomb could also be programmed to wait for a certain message from the programmer. The logic bomb could, for example, check a web site once a week for a certain message. When the logic bomb sees that message, or when the logic bomb stops seeing that message, it activates and executes its code.

A logic bomb can also be programmed to activate on a wide variety of other variables, such as when a database grows past a certain size or a user's home directory is deleted.

The most dangerous form of the logic bomb is a logic bomb that activates when something doesn't happen. Imagine a suspicious and unethical system administrator who creates a logic bomb which deletes all of the data on a server if he doesn't log in for a month. The system administrator programs the logic bomb with this logic because he knows that if he is fired, he won't be able to get back into the system to set his logic bomb. One day on his way to work, our suspicious and unethical system administrator is hit by a bus. Three weeks later, his logic bomb goes off and the server is wiped clean. The system administrator meant for the logic bomb to explode if he was fired; he did not foresee that he would be hit by a bus.

Because a logic bomb does not replicate itself, it is very easy to write a logic bomb program. This also means that a logic bomb will not spread to unintended victims. In some ways, a logic bomb is the most civilized programmed threat, because a logic bomb must be targeted against a specific victim. The classic use for a logic bomb is to ensure payment for software. If payment is not made by a certain date, the logic bomb activates and the software automatically deletes itself. A more malicious form of that logic bomb would also delete other data on the system.

Working: A logic bomb, also called slag code because all that's left after it detonates is computer slag, is not the same thing as a virus, although it often behaves in a similar manner. It is a piece of computer code that executes a malicious task, such as clearing a hard drive or deleting specific files, when it is triggered by a specific event. It's secretly inserted into the code of a computer's existing software, where it lies dormant until that event occurs. This event might be a positive trigger, such as a specific date and time or the removal of an employee's name from the salary database; or it might be a negative trigger, such as a particular employee failing to input a command by a certain time -- meaning he or she is probably not at the company anymore. Negative triggers are considered to be more dangerous than positive ones, since the risk of accidentally triggering the bomb -- say, if the employee is suddenly hospitalized with appendicitis -- increases dramatically. And when the bomb goes off, the damage is done -- files are deleted, secret information is sent to the wrong people, the network is crippled for days ...

Prevention:

The payload of a logic bomb is usually pretty devastating to the company under attack. It's often a tool used by angry employees -- in the IT world, it has a reputation of being associated with "disgruntled employee syndrome." And a disgruntled employee probably wouldn't get too much satisfaction from making a smiley face show up on every networked computer at 3:14 p.m. on a specific Tuesday. A logic bomb doesn't have much use outside of targeting a specific computer or network, and IT employees are usually the only ones with the access and know-how to implement them. Logic bombs aren't usually programmed to spread to unknown recipients, although there are some virus types that are considered logic bombs because they have a time-and-date trigger. And some viruses have a logic bomb embedded in them that carries out a payload in addition to the virus's replicating function. For the most part, though, a logic bomb stays put within the network in which it was inserted. This makes it much easier to create than a virus. All it needs to do is execute a task; it doesn't need to reproduce, which is a more complicated function.

The code in logic bombs can bring down a company. To avoid missing the insertion of a logic bomb into a network, most IT experts recommend constant monitoring, not only of the overall network but also of each individual computer on it, using anti-virus software and other scanning programs intended to pick up on new objects in a computer's data.

The type of action carried out in a logic bomb does have a non-destructive use: It makes restricted, free software trials possible. After a certain time period, a piece of code embedded in the software's code causes the free software to disappear or become crippled so the user needs to pay to continue to use it. But since this is a non-malicious, user-transparent use of the code, it's not typically referred to as a logic bomb.
