The Malware Dictionary

The Latest Computer Adware, Spyware, and Virus Info!

How Does a Logic Bomb Work?


Logic bombs are programs or parts of programs that are inserted into legitimate software systems and carry out a malicious action once certain preconditions are met. These preconditions could be a certain date, a time, or an action taken by the end-user. Computer viruses and computer worms often contain a logic bomb that delivers a malicious payload at a pre-determined time or under a pre-determined set of circumstances. For example, Friday the 13th is a popular date for logic bombs to be set off, as are political dates and anniversaries. A Trojan Virus that is activated on a set date is considered a variant of a logic bomb, sometimes called a time bomb.

What Does Code Have to Have to be a Logic Bomb?

To be considered a logic bomb, the offending piece of software has to be unknown to the user of the computer and not be desired in the program or code. A logic bomb could be made to wait until a remote hacker sends a network message to the program telling it to carry out malicious actions on the end-user’s computer, or it could simply read the system date and time of the infected computer and act once those preconditions are met. It can also be designed to activate when a computer database exceeds a pre-defined size, or to go off if a computer user doesn’t log in to a system for a set amount of time. The last of these is a popular variant used by disgruntled computer developers who want to get back at the company that fires them. These types of logic bombs are dangerous and hard to defend against, because they go off when something does not happen. They don’t spread to other computers, but they will normally do greater damage than those designed to start on preconditions of action or time. Sometimes logic bombs are used to extort payment from a company in exchange for preventing significant damage to its Information Technology resources.

How to Defend Against Logic Bombs

Professionally targeted logic bombs are very hard to defend against. They are normally personalized programming code inserted by a company insider, and it takes other programmers to detect them. Cloud computing-based computer defense systems show promise of being more effective against this type of logic bomb in the future, but for now the most effective defense is prudent management: immediately removing a dismissed employee’s access to any computing systems where they could plant a logic bomb. The normal computer user is most at risk from computer spyware and malware that contain logic bombs as part of the malware. The best defense in this case is to keep your computer anti-virus program up to date and adhere to good computer security practices.

How Does Spyware Work?


Computer Spyware infects a computer without the user’s permission. Spyware can be very dangerous to your personal privacy and can serve as a gateway to additional computer malware infection on your computer. Spyware by its nature does not self-replicate, but is used to exploit holes in the security on your computer. Recent trends have seen a significant rise in fake anti-spyware programs on the Internet that have been used to trick users into downloading additional spyware and malware to their computers.

Types of Computer Spyware

Four of the common types of computer spyware are: Adware, Browser Hijackers, Keyboard Loggers, and Modem Hijackers.

Adware

Not all Adware is bad. There is a growing population of Adware, however, that collects information from your computer and sends it to remote servers. This information includes web surfing history, advertisement clicks, etc. The rogue adware variants are also known to be bundled with other computer malware that could be installed on your computer.

Browser Hijack

A large amount of spyware will attempt to take over your web browser and modify the hosts file, which maps hostnames to IP addresses, so that the names of major search engine websites such as Yahoo, Bing, and Google resolve to an address of the attacker’s choosing. It will also force your browser to open rogue websites that pretend to be the security centers of major online providers. The hijacked websites will then download computer malware to your computer and result in further infection.
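The hosts-file tampering described above can be checked for directly. The following is an added example, not code from the original article: it parses hosts-file text and reports every entry that overrides DNS for one of the search engines named above. The `WATCHED` list, the function names and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Search engines named in the text; extend for your environment (assumed list).
WATCHED = ("google.com", "bing.com", "yahoo.com")

def parse_hosts(text):
    """Yield (lineno, address, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            # Strip an IPv6 zone id (fe80::1%eth0) before validating.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                              # not a valid mapping line
        for name in fields[1:]:                   # one address, many aliases
            yield lineno, addr, name.lower().rstrip(".")

def is_watched(name):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def find_hijacks(text):
    """Return hosts entries that override DNS for a watched domain."""
    return [(n, str(a), h) for n, a, h in parse_hosts(text) if is_watched(h)]

# Constructed sample; 203.0.113.0/24 is a documentation-only range.
SAMPLE = """\
127.0.0.1   localhost
::1         localhost
# 203.0.113.7 www.bing.com   (commented out, ignored)
203.0.113.7 www.google.com google.com
203.0.113.7 search.yahoo.com   # injected
10.0.0.5    intranet.example.com notgoogle.com
"""

if __name__ == "__main__":
    for lineno, addr, host in find_hijacks(SAMPLE):
        print(f"line {lineno}: {host} -> {addr}")
```

On a real machine, pass in the contents of `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`; a clean system normally has no entries for public search engines, so any hit deserves a closer look.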

Keyboard Logger

Keyboard loggers are one of the most dangerous variants of Spyware. Their sole purpose is to steal your private information and send it to a hacker for further use. This can be anything from your bank records, to email, to any other site that requires a login and password.

Modem Hijackers

Less prevalent today in the age of broadband connections, Modem Hijackers are still dangerous to computer users who have to use dial-up to connect to the Internet. A Modem Hijacker will call a phone number that has a high per-minute charge and run up your phone bill.

How Does a Trojan Virus Work?


Trojan Viruses take their name from the lore of the Trojan Horse. A Trojan virus is computer malware that is disguised as something useful that encourages you to download or open the file or program which contains the malware. Once opened, the Trojan virus infects your computer. They are capable of downloading or containing “payload” applications that are other computer malware which can do harm. A Trojan Virus is not able to self-replicate like a computer virus, but rather relies on other malware or computer users to spread the infection.

Trojan Virus Payloads

Many Trojan Viruses are designed to allow a hacker to have remote access to your computer. Once you have a Trojan installed on your computer, potential operations that a hacker can perform are:

- Using your machine to help conduct a Denial of Service attack against another website or service.

- Stealing your personal information (banking, credit cards, passwords, etc)

- Installing other computer malware

- Deleting or modifying files on your computer

- Keylogging and screen captures of your activities to send back to the controlling hacker

- Uploading of files to your computer

 

Methods of Trojan Virus Infection

Trojan viruses normally spread in one of two ways: (1) by being combined with a legitimate-looking software program that the user will download and execute on their computer, and (2) by disguising themselves as a useful file such as an MP3 or movie file. They are also known to be sent via email, and sometimes directly injected by hackers through security holes in Web Browsers and Operating Systems.

Trojan Virus Trends

Trojan viruses have increasingly been used as a gateway to other computer malware on the Internet. Hackers have grown savvy to the lack of anti-malware software being used by the general public and have been taking advantage. The majority of Trojan virus infections could be prevented if computer users would simply update their operating system and anti-virus software. Hackers have also been using social networking sites such as Myspace, Facebook, etc. to spread Trojan viruses through peer-to-peer games, message attachments, and DirectX attacks to upload Trojans to unsuspecting computer users.

How Does a Computer Worm Work?


Computer worms are made to infect other computers by using the Internet to send out copies of themselves. Most computer worms do their damage through the load that their rapid and mostly uncontrolled spread places on system and network resources. Some worms are coupled or combined with other computer malware in order to maximize their impact.

Methods of Computer Worm Infection

A lot of computer worms are made with the sole intention to spread and not to cause harm to networks and users’ computers. Examples of worms with benign intentions such as this that resulted in unintended network disruptions were the Morris Worm and Mydoom. Other worms will carry a payload meant to do harm. The ExploreZip worm will actually delete files on the targeted computer. Some worms will encrypt files in an attempt to extort the user to remove the encryption, and others will install a backdoor on your computer in order to allow it to be used to attack other computers, websites, or computing systems. Many times email spammers are found to be behind computer worm infections that are coupled with a payload that opens a user’s computer to being taken over for sending spam email. Worms also spread by making use of backdoors opened by other computer malware. The well-known worm Doomjuice uses the backdoor that is opened on your computer by Mydoom. Other means of spreading are through infected email attachments and multi-media files.

Current Trends of Computer Worms

Robert Tappan Morris is credited with accidentally creating the first computer worm in 1988. The “Internet Worm”, as it was known, used the sendmail function, finger, and rsh/rexec to spread itself to other computers on the Internet. The SQL Slammer Worm came out in 2003 and used a Microsoft SQL Server 2000 vulnerability in order to spread across the Internet. The Blaster Worm took a similar route in 2003 by using a Microsoft DCOM / RPC vulnerability to spread. Well-known email worms that have emerged over the past decade have been: (1) the Melissa worm of 1999, (2) the Sobig worm of 2003, and (3) the Mydoom worm in 2004. These worms shared features with a Trojan Horse in that they encouraged the end-user to open the infected file attachment in order to spread. The MyDoom worm, however, was the first of a number of computer malware programs to use peer-to-peer file sharing networks to rapidly spread. MyDoom was originally spread using the KaZaa file sharing network and had variants which used payloads to launch denial of service attacks against Microsoft and SCO.

How Does a Computer Virus Work?


A computer virus is designed to infect files on a computer system through self-replication. It is capable of spreading to other computers on its own. Methods of infection include: infecting other files, email attachments, boot sectors of portable drives, instant messaging, and directly through security vulnerabilities in an Operating System or application. Not all computer viruses have a malicious payload; however, many do. Virus payloads are designed to do everything from deleting files on your computer to stealing your private information. Some are just made to disrupt operations on your computer or can be combined with other computer malware in a more complex package.

Methods of Computer Virus Infection

For a virus to spread, it has to execute its code and write to memory on a computer or on a computer peripheral. Many viruses and other computer malware will attach themselves to legitimate applications or multimedia files in order to get the end-user to run them. Viruses are classified into two types based on the behavior observed after execution: resident and non-resident. A resident virus will not look for new hosts or other computers when executed. Instead, it will load itself into memory and then infect new hosts when the infected program is accessed. Non-resident viruses immediately search for new hosts to infect once they are executed.

Computer Virus Trends

Over the past few years, the latest trends in computer viruses have dealt primarily with polymorphic code. A polymorphic virus will infect files with an encrypted version of itself, which is then decoded by an associated set of decryption instructions. The decryption module is also modified each time the virus spreads, creating two unique pieces of programming code. This makes it more challenging for anti-virus programs to detect the virus. Some viruses go even further and exhibit metamorphic tendencies. This is when the virus completely re-writes its source code each time it infects a new program. Metamorphic behavior can delay the initial reporting of new computer viruses to the anti-virus companies until the virus exhibits classic behavior of computer virus infection to the end-user.

© 2009 The Malware Dictionary. All Rights Reserved.
