Logic bomb

“Logic bomb” is malware that is activated in response to an event, such as a user launching an application, visiting a target website, or when a specific date occurs (then called a “time bomb”).

There are two main types of logic bomb. The first is when it is integrated into a virus complex, such as with a trojan and keylogger. The user first downloads the trojan, which installs the keylogger and the “logic bomb”. As soon as the victim enters the desired site, where he or she is required to enter personal data (login, password, card number, etc.), the logic bomb launches the keylogger. The keylogger in turn reads the keystrokes and sends the information to the customer.

The second popular type of logic bomb is the code embedded in the official program, which runs according to a script laid down by the developer. A recent example is the notorious case of Siemens contractor programmer David Tinley, who was convicted of a logic bomb scam. The programmer developed complex Excel spreadsheets that the company used to solve some of its CRM problems. At a certain point, the spreadsheets began to work with errors, and Siemens had nothing to do but to turn to Tinley for a paid service. As a result, the programmer was accused of willful sabotage.

Some manufacturers of mobile devices operate in a similar way, using logic bombs like “planned obsolescence” to make customers buy new versions of gadgets.

Sources of infection are the same as for regular viruses: email attachments, infected websites, keygen for “cracked” utilities and so on. They can be embedded in official software, activating under specified conditions or when a certain date occurs.