What is Windows Attachment Manager and how does it mark downloaded files as untrusted?

Windows Attachment Manager is a security feature introduced in Windows XP SP2 that blocks or warns before executing files from untrusted sources like the internet or email. It tags such files with an Alternate Data Stream (ADS) named `Zone.Identifier:$DATA`, which contains `[ZoneTransfer] ZoneId=3`. When you try to open a file with this ADS, a confirmation dialog appears. For more details, see An interesting way of bypassing Windows Attachment Manager.