Logic Bombs

Threats ⚠️ • Sec+ Glossary 📖 • Security+ 02 • Difficulty: premium

What is Logic Bombs?

A logic bomb is malicious code or a harmful programmed action that remains dormant until a specific condition, event, or trigger occurs, at which point it executes its payload.

Examples

A disgruntled employee hides code in a payroll system that deletes records if their user account is disabled.
Malicious code is placed in an application so it activates on a particular date and corrupts files across the server.

Discover 🔎

Some malicious actions happen immediately. Others are designed to wait. A logic bomb belongs to the second group. It is built to stay quiet until the right condition appears, and only then does it act.

That delayed behavior is what makes logic bombs dangerous. The harmful code may sit unnoticed inside a script, application, scheduled process, or system routine for a long time. Everything can appear normal until the trigger is met, and then the damage happens suddenly.

Remember: A logic bomb is defined by its trigger. The malicious code is planted in advance and waits for a specific condition before it activates.

Summary 📝

A logic bomb is malicious code designed to remain dormant until a chosen trigger occurs, after which it executes its payload. The trigger may be time-based or tied to another condition such as account removal, system state, or process failure. Its main danger comes from concealment and delayed execution, which is why strong code governance, review, logging, and insider risk controls are especially important.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.