New attacks use Windows security bypass zero-day to drop malware


New phishing attacks use a Windows zero-day vulnerability to install the Qbot malware without displaying Mark of the Web security warnings. When a file is downloaded from an untrusted remote location, such as the Internet or an email attachment, Windows adds a unique property to the file known as the Mark of the Web.

The Mark of the Web (MoTW) is stored as an alternate data stream that contains details about the file, including the URL security zone it comes from, its referrer, and its download URL.

