Cryptography Reference
Logic Bombs
The logic bomb, also known as slag code, is a much older device than the
virus. Like a bomb, it requires a trigger to set it off (“explode”), until which
time it remains dormant in a host program. The results are particularly ugly,
as would be the effects of a real bomb in a populated area. It may make the
entire hard drive unreadable, or it may be more insidious and merely change a
byte here and there, avoiding detection until it does irreversible damage. The
trigger may be any of a number of vehicles: an elapsed amount of time,
a particular date and time (December 31, 1999, at 24:00 hours, for instance),
or perhaps the removal of an employee from the payroll file, indicating that he
was fired. If he were really clever, the bomb would go off a few months after
his termination. In this case, the logic bomb would trigger a piece of malicious
code to slag (destroy) essential files in the company's system. This use of logic
bombs clearly demonstrates the need for audit trails (see page 394), as well as
a clearly delineated breakdown of individual duties at any organization.
A real-world example comes from Omega Engineering and a (fired) disgruntled
employee who turned vicious. A logic bomb slagged all of its research,
development, and production programs, including the tape backup. One of
Omega's programmers, Timothy Lloyd, was arrested in 1998 for setting the
logic bomb on Omega's network. It exploded and destroyed all their data ten
days after he was fired.
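As an added illustration of the audit-trail point (not code from the book), the following offboarding audit cross-checks scheduled jobs against the payroll file and flags jobs whose owner is gone, with extra weight on jobs changed shortly before the termination date. The record layouts, account names, job names and the 30-day look-back window are assumptions constructed for the example.

```python
from datetime import date, timedelta

# Constructed sample data (assumed layouts, not from the original text).
PAYROLL = {
    "alice": {"active": True, "terminated": None},
    "bob": {"active": False, "terminated": date(2024, 3, 1)},
}
JOBS = [  # audit-trail export of scheduled jobs
    {"id": "backup-nightly", "owner": "alice",
     "modified": date(2024, 1, 10), "next_run": date(2024, 3, 12)},
    {"id": "cleanup-tmp", "owner": "bob",
     "modified": date(2024, 2, 25), "next_run": date(2024, 3, 11)},
    {"id": "rotate-logs", "owner": "bob",
     "modified": date(2023, 6, 1), "next_run": date(2024, 3, 5)},
    {"id": "report-q1", "owner": "carol",
     "modified": date(2024, 2, 1), "next_run": date(2024, 4, 1)},
]

UNKNOWN = "owner not in payroll file"
GONE = "owner terminated"
RUNS_AFTER = "scheduled to run after termination"
LATE_EDIT = "modified shortly before termination"
POST_EDIT = "modified after termination"

def audit_jobs(jobs, payroll, lookback_days=30):
    """Return [(job_id, [reasons])] for jobs that need human review."""
    findings = []
    for job in jobs:
        reasons = []
        rec = payroll.get(job["owner"])
        if rec is None:
            reasons.append(UNKNOWN)
        elif not rec["active"]:
            term = rec["terminated"]
            reasons.append(GONE)
            if job["next_run"] > term:
                reasons.append(RUNS_AFTER)
            if job["modified"] > term:
                reasons.append(POST_EDIT)  # account used after offboarding
            elif job["modified"] >= term - timedelta(days=lookback_days):
                reasons.append(LATE_EDIT)
        if reasons:
            findings.append((job["id"], reasons))
    return findings

if __name__ == "__main__":
    for job_id, reasons in audit_jobs(JOBS, PAYROLL):
        print(f"{job_id}: {'; '.join(reasons)}")
```

A flagged job is a prompt for a second person to read what it actually does before its next run, which is where the breakdown of duties comes in.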
A logic bomb may be considered to be a delayed-action virus in terms of
effect. Logic bombs can be eliminated before they explode by using virus-scanning
software. If the scanning software is put on auto-protect mode, including e-mail
screening, then the probability of catching a logic bomb in time is increased.
Trojan Horse
The name Trojan horse comes from the story of Troy (about which you may
read on pages 24 and 25). It is a piece of malicious code that is inserted into a
seemingly benign program. However, it differs from a virus in that it does not
replicate itself. For instance, you might download a movie or some music from
the Internet and find that it contained a Trojan horse that erases your hard
disk. Another popular source of downloads that contain Trojan horses is
FTP archives (see page 326). Another is peer-to-peer exchanges over an IRC
channel.[10.30] You have to be careful since the more you download or exchange,
the greater the risk of getting a Trojan horse as part of the deal, since Trojan
horses are very common among IRC traders. Do not download from people or
sites unless you are 100% certain of them. Even if the peer-to-peer exchange
is with a trusted friend, there may be a Trojan horse lurking. In fact, the way
most people find out that they have a Trojan horse is that others tell, say,
Alice, that they are being infected by her download. Never use auto-download
features, since you must check every file first. Moreover, check it out before you
download it since if you download an executable file that has a Trojan horse and
[10.30] IRC stands for Internet Relay Chat, which was originally designed for people to “chat”
in real time. IRC users trade movies, music, games, and software through peer-to-peer sharing.