Logic bomb

from Wikipedia, the free encyclopedia

A logic bomb (occasionally also called slag code) is a part of a computer program that triggers harmful actions once certain (logical) conditions occur. By analogy with the time bomb, the name is derived from the type of "ignition". Triggering conditions can be the reaching of a certain date or the absence of a certain file. Like computer viruses, worms and Trojan horses, logic bombs are malware and are often combined with these.

Working method and demarcation

Logic bombs are among the oldest and simplest representatives of malware and were used even before the first computer viruses. A logic bomb consists of two components:

  • a sufficiently specific condition,
  • an explosion, i.e. a harmful action.

The condition can be, for example, the reaching of a certain date, the absence of a certain file or execution by a certain user. The explosion can be, for example, deleting data or infecting a system with a virus. A logic bomb is not noticeable before the condition is met.

Unlike a virus, a logic bomb cannot by itself infect other files or reproduce itself. Conversely, the conditions under which a virus or worm can spread are not specific enough to be called a logic bomb. In addition, unlike a logic bomb, a virus is not necessarily destructive. However, many viruses, worms and other malware are combined with logic bombs; cf. Michelangelo (computer virus).

For example, a programmer could smuggle a function into a program that deletes important data when his name is no longer on the payroll, when disk usage has exceeded a threshold, or when the program has been called ten times.

In some cases, logic bombs are activated on a certain date, such as Friday the 13th or April 1st. Such logic bombs are also called "time bombs".
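For code review or incident triage, the two-component structure described above (a specific condition guarding a harmful action) can be searched for directly. The following is an added example, not part of the original article: a heuristic Python scanner that flags destructive shell commands only when they sit inside an if-block whose test matches one of the trigger kinds the text names. The pattern lists, the function name and the sample script are assumptions constructed for illustration.

```python
import re

# Trigger kinds named in the article: a date, a missing file, a particular user.
TRIGGERS = {
    "date": re.compile(r"\$\(\s*date\b|`date\b"),
    "missing-file": re.compile(r"!\s+-[ef]\s"),
    "user": re.compile(r"\$\(\s*(?:whoami|id\s+-un)\b|\$(?:USER|LOGNAME)\b"),
}
# Destructive commands to look for (assumed list; extend per environment).
PAYLOADS = re.compile(r"\b(?:rm\s+-\w*[rf]\w*\b|dd\s.*\bof=|mkfs\b|shred\b)")

# Constructed sample script for the scanner; all paths are placeholders.
SAMPLE = r'''#!/bin/sh
# nightly maintenance job
rm -rf /tmp/build-cache
if [ "$(date +%m%d)" = "0401" ]; then
    rm -rf /srv/EXAMPLE-DATA
fi
if [ ! -f /etc/EXAMPLE-payroll-marker ]; then
    shred /srv/EXAMPLE-DATA/db
fi
if [ "$1" = "clean" ]; then rm -f ./out.log; fi
'''

def find_conditional_payloads(script):
    """Return (line_no, trigger_kind, command) for each destructive command
    that is guarded by an if-test matching a known trigger pattern."""
    findings, stack = [], []  # stack: trigger kind (or None) per open if-block
    for no, raw in enumerate(script.splitlines(), 1):
        for stmt in raw.split("#", 1)[0].split(";"):  # drop comments, split statements
            stmt = stmt.strip()
            word = stmt.split(None, 1)[0] if stmt else ""
            if word in ("if", "elif"):
                kind = next((k for k, rx in TRIGGERS.items() if rx.search(stmt)), None)
                if word == "elif" and stack:
                    stack[-1] = kind
                else:
                    stack.append(kind)
            elif word == "fi":
                if stack:
                    stack.pop()
            else:
                if word in ("then", "else"):
                    stmt = stmt[len(word):].strip()
                active = [k for k in stack if k]
                if active and PAYLOADS.search(stmt):
                    findings.append((no, active[-1], stmt))
    return findings
```

The unconditional cache cleanup and the argument-driven `clean` branch in the sample are not reported; only the date-guarded and missing-file-guarded deletions are. A hit is a prompt for human review, not proof of malice.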

Logic bombs always contain a function in the software that is harmful to the user (and unknown to them). Easter eggs, for example, do not count as logic bombs, nor do program routines in trialware, i.e. demo versions of commercial software in which the functionality is restricted after a certain time or number of program calls.

Examples

  • On his birthday in 2004, Unix administrator Yung-Hsun Lin wanted to have medical customer data deleted by a bomb on 70 Unix servers of his employer Medco Health Solutions in order to make himself indispensable as a programmer. However, his first attempt did not succeed (because of a script error). An employee was able to discover and defuse the second attempt, set for his next birthday, in good time. Yung-Hsun Lin was sentenced to 30 months in prison and fined $81,200.
  • System administrator Roger Duronio was sentenced to 97 months in prison for implementing malicious code at his ex-employer UBS PaineWebber, wiping and shutting down 2000 servers at headquarters and 370 branches on March 4, 2002 at 9:30 am. The cost of getting the servers back up and running was over $3.1 million. The company suffered from the damage for several years, and some information on the servers could not be restored. Copies of the malicious code were found on Duronio's home computer.
  • The Stuxnet virus consisted of several parts, including, among other things, a logic bomb (e.g. testing whether the frequency of the centrifuge motor was between 807 Hz and 1210 Hz and whether the date was in a certain range) that became active only once certain conditions were reached, and only then damaged centrifuges for uranium enrichment from time to time through targeted frequency changes. According to David Albright, Paul Brannan and Christina Walrond, researchers at the Institute for Science and International Security (ISIS), it succeeded in doing this and could have destroyed up to a thousand Iranian centrifuges in Natanz. Due to the high complexity of the virus, it was suspected that it had been commissioned by Western intelligence services and then smuggled in via a USB stick. Iran's President Mahmoud Ahmadinejad admitted that "they" had managed to cause problems in a limited number of centrifuges using software that "they" installed in electronic components. In the meantime, the indications have become so strong that it can now be considered certain that the USA and Israel commissioned Stuxnet.
