Cybercriminals are exploiting the decades-old “finger” protocol, traditionally used on UNIX to retrieve user details, as a covert channel for malware delivery on modern Windows devices. Recent attacks show threat actors leveraging finger.exe to download remote payloads and bypass standard security monitoring, as most endpoint solutions overlook this legacy utility.
For IT leaders and MSPs, this highlights the importance of monitoring obscure binaries and legacy protocols, which often remain untracked. Disabling or restricting unused services like “finger” is crucial for defence-in-depth and asset management. The lesson: attack surfaces aren’t limited to zero-days—older, overlooked tools present real risks and must be included in security audits.
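One way to act on the monitoring advice above, as an added example that is not from the original article: a Python triage function that flags finger.exe process launches and outbound connections to TCP port 79, the port assigned to the finger protocol. The event records are constructed and shaped like Sysmon process-creation and network-connection events; the function names, hosts and addresses are assumptions.

```python
import ntpath
import re

FINGER_PORT = 79  # TCP port assigned to the finger protocol (RFC 1288)

# Constructed sample events, shaped like Sysmon process-creation (ID 1) and
# network-connection (ID 3) records. Hosts and addresses are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\finger.exe",
     "CommandLine": "finger user@host.example",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\ping.exe",
     "CommandLine": "ping 192.0.2.10",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "Image": r"C:\Windows\System32\finger.exe",
     "DestinationIp": "192.0.2.20", "DestinationPort": 79},
    {"EventID": 3, "Image": r"C:\Program Files\App\app.exe",
     "DestinationIp": "192.0.2.30", "DestinationPort": 443},
]

# finger.exe takes its remote target as [user]@host
TARGET_RE = re.compile(r"(?:^|\s)(\S*)@([A-Za-z0-9.\-:\[\]]+)")

def is_finger(event):
    """True if the image or original file name is finger.exe (case-insensitive)."""
    names = (ntpath.basename(event.get("Image", "")),
             event.get("OriginalFileName", ""))
    return any(n.lower() == "finger.exe" for n in names)

def triage(events):
    """Return one finding per event that touches finger.exe or TCP port 79."""
    findings = []
    for ev in events:
        if ev["EventID"] == 1 and is_finger(ev):
            m = TARGET_RE.search(ev.get("CommandLine", ""))
            findings.append({"rule": "finger.exe executed",
                             "remote_host": m.group(2) if m else None,
                             "parent": ntpath.basename(ev.get("ParentImage", ""))})
        elif ev["EventID"] == 3 and ev.get("DestinationPort") == FINGER_PORT:
            findings.append({"rule": "outbound TCP/79",
                             "remote_host": ev.get("DestinationIp"),
                             "image": ntpath.basename(ev.get("Image", ""))})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

On hosts where finger has no business use, either finding is worth an alert on its own, and the same two conditions translate directly into an outbound firewall block for port 79.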
Decades-Old “finger” Protocol Resurfaces as Malware Attack Vector on Windows Devices

