Jump to content

technolutions.net

PeterST

By PeterST
in Website Blocking

 Share
Go to solution Solved by Dashke,

Recommended Posts

PeterST

PeterST

Posted
Posted

We've had several reports that Malwarebytes is blocking any site with technolutions.net as part of the URL:

11/09/18    " 16:00:49.299"    760109    04fc    1fcc    INFO    MWACControllerCOM    CMWACController::WebsiteBlockedNotificationCallback    "mwaccontroller.cpp"    1254    "Malicious Website Protection, ipBlockList, 54.230.19.219, fw.cdn.technolutions.net, 2026, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

11/09/18    " 16:00:49.706"    760515    04fc    1fcc    INFO    MWACControllerCOM    CMWACController::WebsiteBlockedNotificationCallback    "mwaccontroller.cpp"    1254    "Malicious Website Protection, ipBlockList, 54.230.19.159, apply-ltu-edu.cdn.technolutions.net, 2029, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

It does not appear to blocking any other domains, only technolutions.net, regardless of the content served or protocol used (HTTPS, SIP etc.). This appears to be a false positive as there are no indications of malicious content from other sources.

We'd appreciate it if this could be resolved as soon as possible. Thank you.

 

Link to post
Share on other sites
bckator

bckator

Posted
Posted

WMB:

I'm am getting hit by this.

I was originally being blocked when attempting to access applyto.usc.edu.
I just started a new topic re that.

I created an exclusion but was then blocked at fw.cdn.technosolutions.net as well as applyto-use-edu.cdn.technolutions.net.

I assume that I should create an additional exclusion for cdn.technosolutions.net?

Link to post
Share on other sites
CaiusDahLupus

CaiusDahLupus

Posted
Posted

Hey, 

Just wanted to add that I have also been getting this issue as of this afternoon when trying to get onto various school admission pages, as well as my current university's main login pages. Either Technolution had a security breach recently, or Malwarebytes accidentally picks them up as a Trojan. Either is possible, I suppose. I have not heard anything about Technolution having any issues, but it is possible that they indeed did get hacked, but aren't coming out publicly about it. 

Link to post
Share on other sites
PeterST

PeterST

Posted
  • Author
Posted

Just to give some background on what this issue was. First of all, no malware was being served from any Technolutions site at any stage. 

As you may be aware, our product Slate has an email module called Inbox where an admissions office can receive and reply to email. Email sent from Inbox has any embedded links rewritten for click tracking etc. So, for example, https://google.com might get rewritten to https://mx.technolutions.net/.....

In this particular case, a single email received by an admissions office was forwarded by one of their users to a colleague. The embedded link to a malware site in the email had the link rewritten. Presumably, their colleague had Malwarebytes installed. Malwarebytes automated reaction appears to be block the entire domain, rather than simply the link itself or the hostname. 

We've managed to disable this particular click-tracking link and have requested that they remove the block on the technolutions.net domain ASAP.

Just to reiterate, no malware was being served by Technolutions and this incident stems from a single forwarded email by an end-user. We are looking into ways that we or Malwarebytes can prevent this type of incident from re-occurring. 

Peter

Technolutions, Inc.

Link to post
Share on other sites
  • Staff
Dashke

Dashke

Posted
  • Staff
Posted
16 hours ago, PeterST said:

Just to give some background on what this issue was. First of all, no malware was being served from any Technolutions site at any stage. 

As you may be aware, our product Slate has an email module called Inbox where an admissions office can receive and reply to email. Email sent from Inbox has any embedded links rewritten for click tracking etc. So, for example, https://google.com might get rewritten to https://mx.technolutions.net/.....

In this particular case, a single email received by an admissions office was forwarded by one of their users to a colleague. The embedded link to a malware site in the email had the link rewritten. Presumably, their colleague had Malwarebytes installed. Malwarebytes automated reaction appears to be block the entire domain, rather than simply the link itself or the hostname. 

We've managed to disable this particular click-tracking link and have requested that they remove the block on the technolutions.net domain ASAP.

Just to reiterate, no malware was being served by Technolutions and this incident stems from a single forwarded email by an end-user. We are looking into ways that we or Malwarebytes can prevent this type of incident from re-occurring. 

Peter

Technolutions, Inc.

Thanks a lot for you help Peter, the block will be removed immediately! :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept