Everything posted by PeterST
Just to give some background on what this issue was. First of all, no malware was being served from any Technolutions site at any stage.

As you may be aware, our product Slate has an email module called Inbox where an admissions office can receive and reply to email. Email sent from Inbox has any embedded links rewritten for click tracking etc. So, for example, https://google.com might get rewritten to https://mx.technolutions.net/.....

In this particular case, a single email received by an admissions office was forwarded by one of their users to a colleague. The embedded link to a malware site in the email had the link rewritten. Presumably, their colleague had Malwarebytes installed. Malwarebytes' automated reaction appears to be to block the entire domain, rather than simply the link itself or the hostname.

We've managed to disable this particular click-tracking link and have requested that they remove the block on the technolutions.net domain ASAP.

Just to reiterate, no malware was being served by Technolutions and this incident stems from a single forwarded email by an end-user. We are looking into ways that we or Malwarebytes can prevent this type of incident from re-occurring.

Peter
Technolutions, Inc.
We've had several reports that Malwarebytes is blocking any site with technolutions.net as part of the URL:

11/09/18 " 16:00:49.299" 760109 04fc 1fcc INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "mwaccontroller.cpp" 1254 "Malicious Website Protection, ipBlockList, 18.104.22.168, fw.cdn.technolutions.net, 2026, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

11/09/18 " 16:00:49.706" 760515 04fc 1fcc INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "mwaccontroller.cpp" 1254 "Malicious Website Protection, ipBlockList, 22.214.171.124, apply-ltu-edu.cdn.technolutions.net, 2029, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

It does not appear to be blocking any other domains, only technolutions.net, regardless of the content served or protocol used (HTTPS, SIP etc.). This appears to be a false positive as there are no indications of malicious content from other sources.

We'd appreciate it if this could be resolved as soon as possible. Thank you.
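
Added example (not part of the original posts, and not Technolutions or Malwarebytes code): a small parser for the log lines quoted in the report above that groups block events by parent domain, which helps distinguish a block on one hostname from a block spanning a whole domain. The field names, the naive two-label parent-domain rule and the `min_hosts` threshold are assumptions.

```python
import re
from collections import defaultdict

# The two log lines quoted in the report above, copied as they appear there.
SAMPLE_LOG = r'''
11/09/18 " 16:00:49.299" 760109 04fc 1fcc INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "mwaccontroller.cpp" 1254 "Malicious Website Protection, ipBlockList, 18.104.22.168, fw.cdn.technolutions.net, 2026, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
11/09/18 " 16:00:49.706" 760515 04fc 1fcc INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "mwaccontroller.cpp" 1254 "Malicious Website Protection, ipBlockList, 22.214.171.124, apply-ltu-edu.cdn.technolutions.net, 2029, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
'''

# Field names are assumptions; "num" is kept uninterpreted (the post does not say what it is).
FIELDS = ("block_list", "ip", "host", "num", "direction", "process")
BLOCK_RE = re.compile(r'"Malicious Website Protection, ([^"\n]+)"')


def parse_blocks(text):
    """Return one dict per website-block notification found in the log text."""
    events = []
    for match in BLOCK_RE.finditer(text):
        parts = match.group(1).split(", ", len(FIELDS) - 1)
        if len(parts) == len(FIELDS):  # skip lines with a different layout
            events.append(dict(zip(FIELDS, parts)))
    return events


def parent_domain(host):
    """Naive parent domain: last two labels (assumption; use the Public Suffix List in practice)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def summarize(events):
    """Group blocked hostnames, IPs and block lists under each parent domain."""
    summary = defaultdict(lambda: {"hosts": set(), "ips": set(), "lists": set()})
    for event in events:
        entry = summary[parent_domain(event["host"])]
        entry["hosts"].add(event["host"])
        entry["ips"].add(event["ip"])
        entry["lists"].add(event["block_list"])
    return dict(summary)


def domain_wide_suspects(events, min_hosts=2):
    """Parent domains blocked on several distinct hostnames (min_hosts is an assumed threshold)."""
    return sorted(d for d, s in summarize(events).items() if len(s["hosts"]) >= min_hosts)


if __name__ == "__main__":
    for domain, info in summarize(parse_blocks(SAMPLE_LOG)).items():
        print(domain, sorted(info["hosts"]), sorted(info["ips"]), sorted(info["lists"]))
```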