Logic Bomb
What is a Logic Bomb?
Logic Bomb: Malicious code that lies dormant inside a program and activates its payload only when a specific logical condition is met.
A logic bomb is code embedded in a legitimate or trojanized application that triggers a destructive or unauthorized action when a precise condition occurs — a date, the absence of a particular user from payroll, the deletion of a database record, a hostname match, or arrival of a special command. Until that condition is true, the bomb stays inert, which makes detection through behavioural testing difficult. Logic bombs are classic insider-threat and sabotage tools, but also appear in supply-chain implants and time-delayed wipers. Defences include rigorous code review, segregation of duties, integrity monitoring, behavioural EDR, and revocation of access for departing personnel.
● Examples
- 01: A disgruntled DBA scripting deletion of records once their account is disabled.
- 02: Supply-chain code that triggers only when a specific customer hostname is detected.
● Frequently asked questions
What is a Logic Bomb?
Malicious code that lies dormant inside a program and activates its payload only when a specific logical condition is met. It belongs to the Malware category of cybersecurity.
How do you defend against a Logic Bomb?
Defences against a Logic Bomb typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for a Logic Bomb?
Common alternative names include: Slag code, Conditional payload.