Logic Bombs – CompTIA Security+ SY0-401: 3.1

Logic bombs can be very destructive and can reside in our systems with near invisibility until they trigger. In this video, you’ll learn about common logic bomb categorizations and some real-world examples of logic bombs.


Logic bombs are a type of malware that waits for something to happen. They’re waiting for a pre-defined event to occur, and at that point, something goes into effect. Files are removed, systems are rebooted, other things are deleted, systems are corrupted. Many different things can happen when a logic bomb goes off.

Very often these logic bombs are left by people who have a grudge. It’s someone who’s been dismissed. They’ve now been fired from the company, but before they leave, they’re going to set this bomb ticking. They’re going to put a program in place so that once they walk out the door, and days or weeks or months later, something causes problems inside of that organization. So obviously it’s something that becomes a very, very big issue. The trigger can be a particular date or time, and when that date or time arrives, the logic bomb goes off.

Or maybe the trigger is something that happens with users. Maybe it’s a file that is added to a computer or removed. Maybe the logic bomb goes into effect the next time a system reboots. You’re never quite certain until you find the actual bomb and understand exactly what might cause it to go off.

These can be really, really difficult to find. Obviously, they’re not a virus. It’s not something that’s known by anti-malware or anti-spyware, and if it goes off, the people who write these logic bombs are generally destroying things. They’re destroying files, they’re creating corruption inside of operating systems, they’re making life really painful for everybody else. And so once the bomb goes off, it can be very, very difficult to recover from that.
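Because anti-malware signatures won’t flag a logic bomb, defenders usually look for the trigger itself in scheduled jobs. The following is an added example, not from this video or the CompTIA material: it audits cron-style entries (a constructed sample crontab, with made-up user names) for two of the indicators discussed here, a job still owned by a dismissed user’s account and a job pinned to a single calendar date rather than a recurring schedule.

```python
"""Audit cron-style scheduled jobs for logic-bomb indicators.

Sample entries and user list below are constructed for this example.
Two defender-side checks are applied:
  1. jobs owned by accounts that are no longer active (the
     dismissed-employee scenario), and
  2. jobs fixed to one calendar date (a date/time trigger).
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

@dataclass
class CronJob:
    owner: str
    minute: str
    hour: str
    day: str
    month: str
    weekday: str
    command: str

def parse_cron_line(owner: str, line: str) -> Optional[CronJob]:
    """Parse one per-user crontab line; skip blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(None, 5)  # five schedule fields, then the command
    if len(fields) < 6:
        return None
    minute, hour, day, month, weekday, command = fields
    return CronJob(owner, minute, hour, day, month, weekday, command)

def is_single_date_trigger(job: CronJob) -> bool:
    """Day-of-month and month both fixed: the job fires on exactly one
    calendar date per year, which is unusual for routine maintenance."""
    return job.day.isdigit() and job.month.isdigit()

def audit(entries: List[Tuple[str, str]], active_users: Set[str]):
    """Return (owner, reason, command) findings for suspicious jobs."""
    findings = []
    for owner, line in entries:
        job = parse_cron_line(owner, line)
        if job is None:
            continue
        if owner not in active_users:
            findings.append((owner, "job owned by inactive account", job.command))
        if is_single_date_trigger(job):
            findings.append((owner, "one-shot calendar date trigger", job.command))
    return findings

SAMPLE_ENTRIES = [  # constructed sample crontab lines
    ("root", "0 2 * * * /usr/local/bin/backup.sh"),
    ("jdoe", "30 3 15 6 * /home/jdoe/.cache/cleanup.sh"),  # former admin
    ("ops", "*/5 * * * * /opt/monitor/check.sh"),
]
ACTIVE_USERS = {"root", "ops"}  # jdoe has been offboarded
```

Running `audit(SAMPLE_ENTRIES, ACTIVE_USERS)` flags only the `jdoe` job, once for the inactive owner and once for the fixed June 15 date.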

Unfortunately, there have been some very well-documented cases of logic bombs. If you go out to Google and search for some, you can see all kinds of news articles. Here are a couple of good examples. The first was at Fannie Mae, a very, very large organization. This was someone who had been dismissed from his job and set a logic bomb to completely disrupt over 4,000 servers at their organization. Now in this particular case, fortunately the logic bomb was found before it went off, so the entire script that was built to create problems never actually created a problem for the organization. Obviously, though, there were still legalities involved. There was still a prosecution, and there were still penalties associated with that.

Another example of a logic bomb comes from another large organization, UBS, where a system administrator was fired and then put a logic bomb onto the systems. One of the things that made this one especially bad is that after he planted the bomb that was going to take out a huge part of this organization, which is a bank, a financial organization, he went to a stockbroker and bought put options, which means that if the stock went down, he would make money. So obviously this is a very, very big problem.

They found this one before it went off as well. So in this particular case, they avoided a lot of problems, not only in their organization, but also a lot of problems with what could have been stock fraud and things that should not have occurred in our financial system. And again, there were legalities involved. We run into this a lot, not necessarily with spyware and malware, but certainly with hacking and other types of malicious activity: there are legalities involved. So you want to be sure that if you’re dealing with any type of situation where somebody has left a logic bomb in your environment, you’re handling it in the ways that we discussed in some of our previous videos.