New attacks use Windows security bypass zero-day to drop Qbot malware

November 20, 2022 (updated June 12, 2023) Published by Eduardo Kando

New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings.

When files are downloaded from an untrusted remote location, such as the Internet or an email attachment, Windows add a special attribute to the file called the Mark of the Web.

This Mark of the Web (MoTW) is an alternate data stream that contains information about the file, such as the URL security zone the file originates from, its referrer, and its download URL.

When a user attempts to open a file with a MoTW attribute, Windows will display a security warning asking if they are sure they wish to open the file.

“While files from the Internet can be useful, this file type can potentially harm your computer. If you do not trust the source, do not open this software,” reads the warning from Windows.

Know more here

About the author: Eduardo Kando

Get Involved & Participate!

Welcome to WisePlant

Industrial Cybersecurity and Safety Solutions

Comments

No comments yet

Please Note: this website requires the use of Javascript for proper operation. Please enable Javascript in order to experience the full capabilities of the application. Thank you!

Latest News

Calendar of Events

Contact Us

Price Lists

Training & Certification

OTC News

New attacks use Windows security bypass zero-day to drop Qbot malware

Get Involved & Participate!

Comments

Are you sure you want to delete your Profile?