If you’ve ever cut your teeth on UNIX systems, you’ll remember the “finger” command—a relic from another era, used to fetch details about users on remote machines. Harmless nostalgia, right? Not quite. As it turns out, cybercriminals never forget, and they’re breathing new life into this archaic protocol as a sneaky channel for malware delivery on modern Windows devices.
The Undead of the Command Line
While most of us have relegated “finger” to the annals of computer history, researchers have flagged a fresh wave of attacks where threat actors harness this protocol to sidestep security tools and retrieve commands on infected endpoints. It’s a cunning move: with so much attention on flashy new exploits, who’s watching for decades-old utilities cropping up in suspicious logs?
How Does This Exploit Work?
- Attackers leverage the “finger” protocol to download and execute remote payloads
- This minimises detection because most security teams barely register traffic from “finger.exe” as malicious
- The protocol’s simplicity and age paradoxically work in its favour
What’s the Risk for Organisations?
For MSPs and IT leaders, these attacks are a reminder that legacy protocols lurking in the OS matter as much as the latest zero-days. Few endpoint security platforms monitor for “finger” activity by default, leaving a blind spot that’s ripe for exploitation—particularly in less-locked-down environments.
If you’re in the compliance or audit world, it’s another tick in the column for comprehensive asset management and reduction of attack surface. Disabling or restricting unused services isn’t just good hygiene; it’s a bona fide defence-in-depth measure.
Editor’s Take
This episode is a classic case of old tools finding new jobs. My advice: inventory your endpoints, pay attention to obscure binaries (like “finger.exe”), and ensure your monitoring extends beyond just the usual suspects. The past has a nasty habit of biting back.
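One way to act on that advice, as an added example that is not part of the original story: the Python below flags “finger.exe” launches and outbound connections to TCP port 79 (the Finger protocol's assigned port) in endpoint telemetry. The event field names, host names and sample events are constructed assumptions, not any product's schema.

```python
import re

FINGER_PORT = 79  # TCP port assigned to the Finger protocol (RFC 1288)
REMOTE_QUERY = re.compile(r"(?:^|\s)\S*@[\w.-]+")  # user@host or @host argument

# Constructed sample events; field names are assumptions for this example,
# not the schema of any particular EDR or logging product.
SAMPLE_EVENTS = [
    {"type": "process", "host": "WS-014", "command_line": "finger user@host.example",
     "image": r"C:\Windows\System32\finger.exe"},
    {"type": "process", "host": "WS-014", "command_line": "notepad.exe notes.txt",
     "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "network", "host": "WS-022", "protocol": "tcp", "dest_port": 79,
     "dest_ip": "203.0.113.10", "image": r"C:\Windows\System32\finger.exe"},
    {"type": "network", "host": "WS-022", "protocol": "tcp", "dest_port": 443,
     "dest_ip": "198.51.100.7", "image": r"C:\Program Files\Browser\browser.exe"},
    {"type": "process", "host": "LAB-UNIX-GW", "command_line": "FINGER.EXE",
     "image": r"C:\Windows\System32\FINGER.EXE"},
]


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event):
    """Return the reasons an event deserves review (empty list if none)."""
    reasons = []
    if event["type"] == "process" and image_name(event["image"]) == "finger.exe":
        reasons.append("finger.exe executed")
        if REMOTE_QUERY.search(event.get("command_line", "")):
            reasons.append("remote host queried")
    elif (event["type"] == "network" and event.get("protocol") == "tcp"
          and event.get("dest_port") == FINGER_PORT):
        reasons.append("outbound TCP/79 (finger protocol)")
    return reasons


def triage(events, expected_hosts=frozenset()):
    """Pair flagged hosts with reasons, skipping hosts where finger use is expected."""
    flagged = [(e["host"], evaluate(e)) for e in events if e["host"] not in expected_hosts]
    return [(host, reasons) for host, reasons in flagged if reasons]


if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS, expected_hosts={"LAB-UNIX-GW"}):
        print(host, "->", "; ".join(reasons))
```

The port check is independent of the process name, so it still fires when the telemetry source records the connection but not the launching binary.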
Original story: https://www.bleepingcomputer.com/news/security/decades-old-finger-protocol-abused-in-clickfix-malware-attacks/

