
Spotfire Malware Flag


Normally, I lead off with questions intending to help the user decipher whether the post is relevant to them. In this case, the questions I came up with were almost too comical to take seriously. Here they are anyway….

Are you suspicious that Spotfire is attacking your computer? Has your company’s security team flagged Spotfire temp files? Are you worried malware has been installed on your computer veiled as Spotfire files?

Most of my blog post ideas come from situations I encounter in my day to day work. Last week, my company’s IT security folks contacted me this week because our new malware program flagged my laptop and the Spotfire temp folder as suspicious. What do I mean by suspicious? Well, the software detected that .exe files were being run on my machine that “looked like malware”. First, security wanted to confirm I was actually using my laptop and wasn’t on vacation with some foreign invader remoting into my machine. Once we established that was not the case, I contacted TIBCO for more information on the files in question. Rarely do we dig deep into our temp folders, but that’s what I did this week.

Suspicious Files

The files in question were located in AppData at the file path shown. The Spotfire folder also contained a subfolder for each version of Spotfire that has ever run on this laptop with all of their own subfolders. What you see in the screenshot is actually a recreation. Previously, the 7.12 folder contained about 50 subfolders with thousands of temp files within those folders.



Some of the folders were empty, and others had files that look like this, with different folders containing different extensions. The .exe my security team flagged had a .doc.exe extension. It kinda looks like malware, doesn’t it?


Call in the Experts

While I felt fairly certain these temp files were not malicious, you can’t be too careful with internet security. No one wants their idle Wednesday rocked with viruses and malware. TIBCO responded quickly and confirmed Spotfire uses the temp files for housekeeping tasks. They run when Spotfire runs and perform tasks like loading config files.

Lastly, some of them disappear when the application closes, but not all of them, which is how I accumulated so many. They are all created upon opening the application. I deleted everything in the TEMP folder except Data Storage and observed them recreating upon the next analysis session. You may delete all of them without consequence after closing the application. Do not delete them while Spotfire is open. Bad things can happen if you do that, including not being able to save your DXPs. I recommend cleaning this out every now and then, but it’s nothing to lose sleep over.
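Before cleaning the folder out, the `.doc.exe`-style files described above can be inventoried so the security team has hashes to check with the vendor. The script below is an added example, not code from this post or from TIBCO; the extension lists are assumptions, and the sample tree it builds is constructed, not real Spotfire output.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

# Extensions Windows will execute, and document-style extensions that make a
# name such as "report.doc.exe" look like a data file when extensions are hidden.
# Both lists are assumptions chosen for this example.
EXECUTABLE = {".exe", ".scr", ".com", ".pif"}
DECOY = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg", ".png"}


def triage(root):
    """Return one record per file under root whose name ends in <decoy><executable>."""
    records = []
    for path in sorted(Path(root).rglob("*")):
        suffixes = [s.lower() for s in path.suffixes]
        if not path.is_file() or len(suffixes) < 2:
            continue
        if suffixes[-1] in EXECUTABLE and suffixes[-2] in DECOY:
            data = path.read_bytes()
            records.append({
                "path": str(path),
                "decoy_ext": suffixes[-2],
                "sha256": hashlib.sha256(data).hexdigest(),
                # A Windows PE image starts with the bytes "MZ".
                "is_pe": data[:2] == b"MZ",
                "size": len(data),
            })
    return records


def build_constructed_sample(root):
    """Create a small constructed tree (not real Spotfire files) for the demo."""
    session = Path(root) / "7.12" / "session-0001"
    session.mkdir(parents=True)
    (session / "helper.doc.exe").write_bytes(b"MZ" + b"\x00" * 62)
    (session / "notes.doc").write_bytes(b"plain document")
    (session / "tool.exe").write_bytes(b"MZ" + b"\x00" * 62)
    return root


if __name__ == "__main__":
    # Pass the temp folder to inspect; with no argument the constructed sample is used.
    target = sys.argv[1] if len(sys.argv) > 1 else build_constructed_sample(tempfile.mkdtemp())
    for rec in triage(target):
        print(rec["sha256"], "PE" if rec["is_pe"] else "not-PE", rec["size"], rec["path"])
```

The script only reads files, so it can be run while the application is open; deletion should still wait until it is closed.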

Spotfire Version

Content created with Spotfire version 7.12.

