logic bomb

Contributor(s): Laura Fitzgibbons

A logic bomb, sometimes referred to as slag code, is a string of malicious code used to cause harm to a network when the programmed conditions are met. The term comes from the idea that a logic bomb “explodes” when it is triggered by a specific event. Events could include a certain date or time, a particular record being deleted from a system or the launching of an infected software application.

The level of destruction caused by a logic bomb can vary greatly and the set of conditions able to set one off is unlimited. Common malicious actions that logic bombs are able to commit include data corruption, file deletion or hard drive clearing.

Unlike other forms of malware that break into a secure system, logic bomb attacks tend to be cyber sabotage from a person within an organization who has access to sensitive data. One way that employees might exact revenge on a company if they believe they might be fired is to create a logic bomb that they diffuse each day, and that they alone are the only ones capable of putting off. That way, once they are no longer with the organization, the attack can begin, either instantly or after a pre-determined time period.

How logic bombs work

Logic bombs are secretly inserted into a computer network through the use of malicious code. The code can be inserted into the computer’s existing software or into other forms of malware such as viruses, worms or Trojan horses. It then lies dormant, and typically undetectable, until the trigger occurs.

Triggers can be categorized as positive or negative. Logic bombs with positive triggers happen after a condition is met, such as the date of a major company event. Negative triggers initiate a logic bomb when a condition is not met, such as an employee fails to enter the diffuse code by a certain time. Either way, when the conditions become true, the logic bomb will go off and inflict its programmed damage.

How to safeguard against logic bomb attacks

While business continuity and disaster recovery (BCDR) plans should include how to handle a logic bomb after it executes, cybersecurity best practices can be followed to prevent them in the first place. This includes:

  • Periodically scan all files, including compressed files.
  • Maintain updated antivirus software.
  • Ensure that all users activate features like auto-protect and email screening.
  • Protect all computers within a network individually.
  • Provide a clear safe use policy to all employees and have them acknowledge their part in maintaining the safety and integrity of any data they have access to.
This was last updated in April 2019

Continue Reading About logic bomb

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What makes some of the dangers of a logic bomb attack more devastating than other common forms of malware?
A logic bomb is different from other virus.
it is dietructive program that eexecutes at a fix time. Example. A famous logic bomb was friday 13th this virus executes if the day is friday and date is 13th
There has been a bunch of these over the years. Mainly ones that trigger on certain dates. The can also be used to deactivate or remove a "free trial" program... So this type of code is not always malicious.