Hackers access the Windows Name/Finger communications protocol using it against itself to infiltrate and make off with data.
John Page discovered a sneaky, unorthodox way hackers use the Name/Finger network communication protocol to exfiltrate files from a network.
The Windows Name/Finger communications protocol uses a rudimentary command hackers access to control the module, sending commands to move, copy or delete files without alerting Windows Defender or other security protocols you may have running.
Since these techniques leverage executables native to the OS, they rarely trigger defensive mechanisms like Windows Defender or the company’s anti-malware software suite.
Mister Page developed a pair of proof of concept scripts, which prove that his technique is viable. However, to this point, Microsoft has not responded nor indicated when a fix might be forthcoming.
The Windows Name/Finger protocol also shows several other binaries in the OS that are just as vulnerable, allowing hackers access to a wide range of data. Oddly, that includes Windows Defender, which highjackers use via the command lines and forced to download files.
These types of attacks are notoriously difficult to detect and prevent, so the best you can do to safeguard yourself and your sensitive data are to be mindful of the possibilities.
