A “logic bomb” is malware that is activated in response to an event — for example, a user launching an application, visiting a target website, or upon the occurrence of a certain date (in this case, it is called a “time bomb”).
There are two main types of logic bomb. The first is when it is integrated into a virus complex, for example, with a Trojan and a keylogger. The user first downloads a Trojan that installs a keylogger and a “logic bomb”. As soon as the victim visits the desired site, where it is required to enter personal data (login, password, card number, etc.), the logic bomb launches a keylogger. He, in turn, reads the keystrokes and sends the information to the customer.
Information security audit
The second popular type of logic bomb is the code embedded in the official program, which runs according to the script laid down by the developer. A recent example is the sensational case of David Tinley, a programmer—contractor at Siemens, who was convicted of fraud with a “logic bomb”. The programmer developed complex Excel spreadsheets, with which the company solved some of its CRM tasks. The tables started working with errors at a certain point, and Siemens had no choice but to contact Tinley for a paid service. As a result, the programmer was accused of deliberate sabotage.
Some mobile device manufacturers act in a similar way, using a logic bomb of the “planned obsolescence” type — so that customers buy new versions of gadgets.
The sources of infection are the same as those of ordinary viruses: email attachments, infected sites, keygens for “cracked” utilities, etc. They can be embedded in official software, activating under specified conditions or upon the occurrence of a certain date.