December 18, 2013

3.1.8 Logic Bomb

Logic bomb

A logic bomb is a form of malicious code that is unauthorized and unknown to the legitimate user. It remains dormant until a triggering event occurs. When triggered it performs some undesirable act.

The triggering event may be a positive trigger or a negative trigger. An example of a positive trigger can be the lapse of a period of time, the modification of a file or system configuration, or an application-specific event such as the removal of an entry in the company’s salary database. A negative trigger can be a failure to respond to a prompt. Logic bombs are considered viruses. Sometimes logic bombs are referred to as slag code or time bomb.

A logic bomb will carry out any number of malicious activities including: deleting data, reformatting drives, modification of system configurations, weakening system security, etc.

Deploying a logic bomb can be considered more an act of precision bombing than indiscriminate bombing. The target of a logic bomb attack is usually a specific function or system at a specific organization. In IT, logic bombs have often been deployed by fired or otherwise disgruntled employees.

Countering logic bombs is difficult as they are usually deployed by authorized and trusted personnel. Countermeasures will include consistent scanning, and monitoring for changes to system resources. Also activities by system administrators should be logged and audited.

No comments:

Post a Comment