Logic Bombs Slideshow


LOGIC BOMBS

PRESENTED BY
ANSARI RAANA TABASSUM C-302
SAKHEE VINAYAK BICHU C-306
INTRODUCTION
WHAT IS A LOGIC BOMB
• It is a piece of computer code that executes a malicious task, such as clearing a hard drive or deleting specific files, when it is triggered by a specific event.
• It is also called slag code because all that's left after it detonates is computer slag.
• It's not the same thing as a virus, although it often behaves in a similar manner.
Contd.
• The logic bomb is secretly inserted into the code of a computer's existing software, where it lies dormant until that event occurs.
• The payload of a logic bomb is usually pretty devastating to the company under attack.
• There are some virus types that are considered logic bombs because they have a time-and-date trigger.
Contd.
• A logic bomb stays within the network in which it was inserted, making it much easier to create than a virus.
• All it needs to do is execute a task; it doesn't need to reproduce, which is a more complicated function.
• The type of action carried out in a logic bomb does have a non-destructive use.
Contd.
• There are 2 types of triggering in a logic bomb:
1. Positive Triggering
2. Negative Triggering
• The most dangerous form of the logic bomb is one that activates when something doesn't happen, i.e. negative triggering.
• A logic bomb is the most civilized programmed threat, because a logic bomb must be targeted against a specific victim.
TIME BOMB
• Time bombs are a subclass of logic bombs that "explode" at a certain time.
• Some of the first viruses, written in the 1980s, were time bombs.
• Some examples are:
1. Friday the 13th
2. Win32.Kriz.3862
3. The Michelangelo
WORKING OF LOGIC BOMB
• A logic bomb is a program, or portion of a program, which lies dormant until a specific piece of program logic is activated.
• The most common activator for a logic bomb is a date. The logic bomb checks the system date and does nothing until a pre-programmed date and time is reached. At that point, the logic bomb activates and executes its code.
• A logic bomb could also be programmed to wait for a certain message from the programmer.
Contd.
• Logic bombs operate in two ways:
1) Triggered Event
2) Still Here Event
• In a Triggered Event, the program will review the payroll records each day to ensure that the programmer responsible is still employed, and once he is fired the logic bomb will slag vital files.
• In a Still Here Event, the program will run unless it is deactivated by the programmer.
HISTORIC LOGIC BOMBS
• Michelangelo was a logic bomb designed to activate yearly since the early 1990s, on the birthday of the painter of the same name, i.e. Michelangelo: March 6th.
• In June 1992, Michael Lauffenburger, an employee of the defense contractor General Dynamics, was arrested for inserting a logic bomb that would delete vital rocket project data.
• On October 2, 2003, Yung-Hsun Lin created a logic bomb set to go off on his birthday in 2004, but it failed because of a programming error.
FICTIONAL LOGIC BOMBS
• There are even many films which are based on the concept of a logic bomb.
• Some examples:
1. In Moffett's Ghost, an episode of the Airwolf television series, the logic bomb sets Airwolf to destroy any aircraft in its range.
2. Hugh Jackman's character in Swordfish, Stanley Jobson, has "dropped a logic bomb through the trapdoor".
IMPLEMENTED LOGIC BOMBS
IMPLEMENTATION AREAS
• Logic bombs can be implemented on an intranet, such as a company's LAN, or on the Internet.
• Logic bombs that are implemented on a LAN affect only the company's data. They do not spread to the outside world.
• Logic bombs implemented on the Internet, by contrast, can spread and can cause damage to every computer on which the malicious code is run.
LOGIC BOMBS ON LAN
• In December 2006, an ex-employee of the financial company UBS PaineWebber was sentenced to eight years in prison and more than $3 million in restitution (compensation) for planting a logic bomb in UBS's computer network in 2002.
• Investigations conducted by the network forensics consultancy Intelguardians have seen an administrator set up a logic bomb designed to trigger if he didn't log in for 90 days.
LOGIC BOMBS ON INTERNET
• This is quite easy to do with only a limited understanding of Visual Basic. The simplest way is to create a macro that executes as soon as the document is opened in an application and contains the "payload", innocent or otherwise.
• Computer Weekly, March 23rd 1995, page 2, carried a story originating from Digital Equipment about the possibility of a 'logic bomb' being sent by email.
TO DEAL WITH LOGIC BOMBS
• Most IT experts recommend constant monitoring, using anti-virus software and other scanning programs intended to pick up on new objects in a computer's data, not only of overall networks but also of each individual computer on a network.
• To deal with logic bombs, make sure your enterprise employs regular backups that are verified on a consistent basis.
• Make sure you have Hot Standby Router Protocol (HSRP) enabled on your routers, which will ensure connectivity even when first-hop routers fail.
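An added example (not from the original slides) of the monitoring and backup-verification advice above: a hash manifest taken as a baseline and compared later flags new objects, code changed inside existing files, and missing files. The file names and contents in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest


def compare(baseline, current):
    """Report paths that are new, changed or gone relative to the baseline."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
        "missing": sorted(set(baseline) - set(current)),
    }


def _write(root, rel, body):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(body)


def demo():
    """Constructed scenario: baseline a tree, tamper with it, then re-scan."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/payroll.sh", b"run_payroll\n")  # constructed files
        _write(root, "data/ledger.csv", b"id,amount\n")
        baseline = snapshot(root)
        # Code inserted into existing software, a new object, and lost data.
        _write(root, "bin/payroll.sh", b"run_payroll\n# inserted later\n")
        _write(root, "bin/cleanup.sh", b"placeholder\n")
        os.remove(os.path.join(root, "data", "ledger.csv"))
        return compare(baseline, snapshot(root))
```

The same comparison verifies a backup: `compare(snapshot(source_dir), snapshot(backup_dir))` should return three empty lists, and the baseline manifest itself should be stored where the monitored machine cannot rewrite it.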
SAFEGUARDING AGAINST LOGIC BOMB
MINIMIZING POTENTIAL
There are a number of ways to minimize the potential for obtaining logic bombs.

• Individual Actions:
1. Check disks or programs using the current version of anti-virus software.
2. Don't use software or demos of doubtful origin.
3. Check any disk that was lent to others before using it again.
4. Remove the floppy disk when work is done.
5. Don't boot the machine if any disk, except a "Clean Bootable System Disk", is present in the disk drive.
6. Scan any program or document downloaded on the machine.
7. Upgrade the anti-virus software on a regular basis.
8. Be aware of "cookies" on the internet.
Contd.
• Network School Actions:
1. Use anti-virus software programs and pre-set network operating system software.
2. Clearly establish acceptable use policies, making clear appropriate and inappropriate actions to both students and staff.
3. Use the network utilities which remove unauthorized files and programs based on a pre-set time frame.
SAFETY MEASURES FOR MICROSOFT OFFICE APPLICATIONS
• Word or Excel will skip loading a macro on the internet if the [SHIFT] key is held down while the file is being loaded from the File/Open dialog box.
• It does not necessarily work if the file is opened by double-clicking in Explorer or launched from Mulberry or a web browser.
Contd.
• For example, to open a Word document without automatically executing any macros:
1. Save it to a file
2. Start up Word
3. From the File menu, choose Open and select the file you wish to load
4. Hold down the [SHIFT] key and click on [OK]
5. Keep the [SHIFT] key depressed until the document has finished loading.
THE BOTTOM LINES
1. Take care with unsolicited files in general, whether accessed through the Internet or more conventional means.
2. With email attachments: if you don't know the poster, don't read them or take extreme care.
3. Remember that email "authorship" can be forged very easily. (Someone you don't know might purport to be someone you do know.)
Use latest anti-virus software.
THE VERY BOTTOM LINE
The best precaution against all threats to files on PCs is to have an adequate, current backup.