Malware that forge logs

[chicchi]

Hi,

Somehow I was wondering,
Do malware exist that forge the logs?

 

[Winter Soldier]

I do not exclude that, but what would be the purpose? I don't know what benefit it gets, forging the log files.

 

[Deleted member 65228]

Do malware exist that forge the logs?

Do you mean "forge" logs as in fake them? If so, then yes malware somewhere out there will do this. Somewhere..

It is actually quite straight forward to do it properly. You'd have many alternative approaches... You could subvert individual processes performing I/O operations to alter the execution flow when specific API functions are called so you can remove any logging of information related to a specific target, or you could scan and find new log files and then change the contents in the background...

I guess it could be interesting, as it means when someone uploads their FRST scan report it can have information missing which incriminated the infection present on the system (or similar), but I do not have any samples which do this sadly.