Connect with us

Science

Criminals Revive Ancient ‘Finger’ Command for Malicious Attacks

Editorial

Published

3 months ago

on

A software tool that has largely faded from common use is now being exploited by cybercriminals for malicious purposes. The ancient “finger” command, originally designed to retrieve user information on Unix and later Windows systems, is witnessing a resurgence in attacks aimed at executing harmful code. Security researchers have reported a notable increase in campaigns utilizing this tool, particularly in scams known as “ClickFix,” where users are tricked into executing seemingly innocuous commands.

The Finger service, despite being considered outdated, is still supported by most operating systems, making it a target for attackers. According to research from Bleeping Computer, recent attacks leverage the Finger service as a conduit for harmful scripts. In one incident shared on social media platform Reddit, a user unwittingly executed a command after responding to a fake Captcha prompt. This command initiated a Finger call, which relayed information directly to the Windows command prompt, allowing malicious code to be reloaded and executed instantly.

Security experts have analyzed these attacks and discovered that the Finger responses often contain scripts that create temporary directories, rename essential system tools such as “curl,” and download malware from designated servers. In one documented case, a fake PDF archive was unpacked, revealing a Python module designed for spying. Other variations of the attack delivered the remote maintenance Trojan NetSupport Manager, which provides attackers with extensive control over compromised systems.

In some instances, these malicious routines are programmed to detect security analysis tools like Wireshark or Process Hacker. If found, the malware will terminate its own processes to avoid detection. Experts believe that these attacks likely originate from a single actor, highlighting the method’s effectiveness despite its simplicity. The reliance on social engineering tactics ensures that users inadvertently execute dangerous commands themselves.

To mitigate these risks, security researchers recommend blocking outgoing connections through TCP port 79, which is the port associated with the Finger service. Additionally, users should be cautioned against executing commands from unknown sources in the command line, regardless of how harmless they may appear.

As cyber threats evolve, it is crucial for users and organizations to remain vigilant. Awareness and education about these tactics can significantly reduce the likelihood of falling victim to such scams.

Related Topics:
Editorial

Our Editorial team doesn’t just report the news—we live it. Backed by years of frontline experience, we hunt down the facts, verify them to the letter, and deliver the stories that shape our world. Fueled by integrity and a keen eye for nuance, we tackle politics, culture, and technology with incisive analysis. When the headlines change by the minute, you can count on us to cut through the noise and serve you clarity on a silver platter.

Continue Reading

Trending

Copyright © All rights reserved. This website offers general news and educational content for informational purposes only. While we strive for accuracy, we do not guarantee the completeness or reliability of the information provided. The content should not be considered professional advice of any kind. Readers are encouraged to verify facts and consult relevant experts when necessary. We are not responsible for any loss or inconvenience resulting from the use of the information on this site.