finger protocol

The finger protocol, a legacy network protocol from the early Unix era, is included in Windows as the finger.exe utility. Recent security research highlights a new attack vector where threat actors abuse finger.exe and TCP port 79 in ClickFix social-engineering campaigns. In these attacks, finger.exe is used as a LOLBIN (Living Off the Land Binary) to retrieve encoded PowerShell or script fragments from attacker-controlled servers, which are then decoded and executed on the victim's machine. This technique exploits the protocol's ability to return arbitrary data, turning a decades-old tool into a covert delivery channel. Discussions on WindowsForum.com cover the technical details of this abuse, mitigation strategies, and the broader implications for enterprise security.