Logic Bombs Flashcards
1
Q
Logic Bombs
A
- Waits for a predefined event
- Often left by someone with a grudge
- Time bomb
- Time or date
- User event
- Logic bomb
- Difficult to identify
- Difficult to recover if it goes off
2
Q
Real-world logic bombs
A
- March 19, 2013, South Korea
- Email with malicious attachment sent to South Korean organizations
- Posed as a bank email
- Trojan installs malware
- March 20, 2013, 2 p.m. local time
- Malware logic-bomb activates
- Storage and master boot record deleted, system reboots
- Boot device not found
Please install an operating system on your hard disk.
3
Q
Preventing a logic bomb
A
- Difficult to recognize
- Each is unique
- No predefined signatures
- Process and procedures
- Formal change control
- Electronic monitoring
- Alert on changes
- Host-based intrusion detection, Tripwire, etc.
- Constant auditing
- An administrator can circumvent existing systems