Jump to content
PeterST

ANSWERED technolutions.net

Recommended Posts

We've had several reports that Malwarebytes is blocking any site with technolutions.net as part of the URL:

11/09/18    " 16:00:49.299"    760109    04fc    1fcc    INFO    MWACControllerCOM    CMWACController::WebsiteBlockedNotificationCallback    "mwaccontroller.cpp"    1254    "Malicious Website Protection, ipBlockList, 54.230.19.219, fw.cdn.technolutions.net, 2026, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

11/09/18    " 16:00:49.706"    760515    04fc    1fcc    INFO    MWACControllerCOM    CMWACController::WebsiteBlockedNotificationCallback    "mwaccontroller.cpp"    1254    "Malicious Website Protection, ipBlockList, 54.230.19.159, apply-ltu-edu.cdn.technolutions.net, 2029, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

It does not appear to blocking any other domains, only technolutions.net, regardless of the content served or protocol used (HTTPS, SIP etc.). This appears to be a false positive as there are no indications of malicious content from other sources.

We'd appreciate it if this could be resolved as soon as possible. Thank you.

 

Share this post


Link to post
Share on other sites

WMB:

I'm am getting hit by this.

I was originally being blocked when attempting to access applyto.usc.edu.
I just started a new topic re that.

I created an exclusion but was then blocked at fw.cdn.technosolutions.net as well as applyto-use-edu.cdn.technolutions.net.

I assume that I should create an additional exclusion for cdn.technosolutions.net?

Share this post


Link to post
Share on other sites

I am also having this problem; I interview applicants for my college alma mater and cannot access the site we use to submit evaluations.

Log of the blocked attempt attached.

export.txt

Share this post


Link to post
Share on other sites

Hey, 

Just wanted to add that I have also been getting this issue as of this afternoon when trying to get onto various school admission pages, as well as my current university's main login pages. Either Technolution had a security breach recently, or Malwarebytes accidentally picks them up as a Trojan. Either is possible, I suppose. I have not heard anything about Technolution having any issues, but it is possible that they indeed did get hacked, but aren't coming out publicly about it. 

Share this post


Link to post
Share on other sites

Thanks. I'll pass this along to the college and perhaps they can take it up with technolutions

Share this post


Link to post
Share on other sites

Just to give some background on what this issue was. First of all, no malware was being served from any Technolutions site at any stage. 

As you may be aware, our product Slate has an email module called Inbox where an admissions office can receive and reply to email. Email sent from Inbox has any embedded links rewritten for click tracking etc. So, for example, https://google.com might get rewritten to https://mx.technolutions.net/.....

In this particular case, a single email received by an admissions office was forwarded by one of their users to a colleague. The embedded link to a malware site in the email had the link rewritten. Presumably, their colleague had Malwarebytes installed. Malwarebytes automated reaction appears to be block the entire domain, rather than simply the link itself or the hostname. 

We've managed to disable this particular click-tracking link and have requested that they remove the block on the technolutions.net domain ASAP.

Just to reiterate, no malware was being served by Technolutions and this incident stems from a single forwarded email by an end-user. We are looking into ways that we or Malwarebytes can prevent this type of incident from re-occurring. 

Peter

Technolutions, Inc.

Share this post


Link to post
Share on other sites
16 hours ago, PeterST said:

Just to give some background on what this issue was. First of all, no malware was being served from any Technolutions site at any stage. 

As you may be aware, our product Slate has an email module called Inbox where an admissions office can receive and reply to email. Email sent from Inbox has any embedded links rewritten for click tracking etc. So, for example, https://google.com might get rewritten to https://mx.technolutions.net/.....

In this particular case, a single email received by an admissions office was forwarded by one of their users to a colleague. The embedded link to a malware site in the email had the link rewritten. Presumably, their colleague had Malwarebytes installed. Malwarebytes automated reaction appears to be block the entire domain, rather than simply the link itself or the hostname. 

We've managed to disable this particular click-tracking link and have requested that they remove the block on the technolutions.net domain ASAP.

Just to reiterate, no malware was being served by Technolutions and this incident stems from a single forwarded email by an end-user. We are looking into ways that we or Malwarebytes can prevent this type of incident from re-occurring. 

Peter

Technolutions, Inc.

Thanks a lot for you help Peter, the block will be removed immediately! :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.