# Cyber Attackers Imitate the Domain Names of Well-Known Brand Websites to Deceive Consumers

By [Unit 42](https://www.paloaltonetworks.com/blog/author/unit-42/?lang=zh-hant&ts=markdown "Posts by Unit 42") Sep 02, 2020

Cybercriminals exploit the importance of domain names on the internet by registering names related to existing domains or brands, aiming to profit from users' mistakes. This practice is called "cybersquatting". Cybersquatting is not necessarily harmful to users, but squatted domains are often used or repurposed for cyberattacks.

The cybersquatting detection system run by Unit 42, the Palo Alto Networks threat intelligence team, found that 13,857 domains were squatted in December 2019, an average of 450 per day. The team found that 2,595 (18.59%) of the squatted domains were malicious, often distributing malware or carrying out phishing attacks, and that another 5,104 (36.57%) posed a high risk to visitors, meaning that these domains are associated with malicious URLs or use bulletproof hosting.

Based on the adjusted malicious rate, Palo Alto Networks listed the 20 most abused domains of December 2019. Each of these domains either has many squatting domains associated with it, or most of the squatting domains imitating it were confirmed malicious. The team found that domain squatters prefer profitable targets, such as mainstream search engines and social media, financial, shopping and banking websites, and use phishing and scams to steal users' confidential credentials or money.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/chart-18.png)

*Figure 1: The 20 most abused domains in December 2019*

From December 2019 to the present, Palo Alto Networks has observed malicious domains serving a variety of purposes:

* **Phishing:** A Wells Fargo-related domain (secure-**wellsfargo**\[.\]org) aims to steal customers' sensitive information, including email credentials and ATM PINs. In addition, an Amazon-related domain (**amazon**-india\[.\]online) steals users' credentials, targeting mobile users in India in particular.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/Screen-Shot-2020-08-28-at-7.25.45-PM.png)

*Figure 2: The fake Amazon website **amazon**-india\[.\]online*

* **Malware distribution:** A Samsung-related domain (**samsung**eblya**iphone**\[.\]com) hosts the Azorult malware, which can steal credit card information.
* **Command and control (C2):** Microsoft-related domains (**microsoft**-store-drm-server\[.\]com and **microsoft**-sback-server\[.\]com) attempt to carry out C2 attacks that compromise an entire network.
* **Re-bill scam:** Several Netflix-related phishing sites (for example **netflix**brazilcovid\[.\]com) first lure users into subscribing to products such as weight-loss pills with a small initial payment offer. If users do not cancel the subscription after the promotion period, however, their credit cards are charged a higher fee, usually between US$50 and US$100.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/word-image-65.png)

*Figure 3a: The fake Netflix home page on **netflix**brazilcovid\[.\]com*

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/word-image-67.png)

*Figure 3b: A reward email that uses social engineering to defraud users*

* **Potentially unwanted program (PUP):** Walmart- and Samsung-related domains (**walrmart**44\[.\]com and **samsung**pr0mo\[.\]online) distribute potentially unwanted programs such as spyware, adware or browser extensions. These domains usually make unwanted changes, such as changing the browser's default page or hijacking the browser to insert ads. Notably, this Samsung domain looks like a legitimate Australian education news website.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/word-image-62.png)

*Figure 4: The fake virus scan page shown after clicking a warning message from **samsung**pr0mo\[.\]online*

* **Technical support scam:** Some Microsoft-related domains (for example **microsoft**-alert\[.\]club) try to scare users into paying for fake customer support.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/word-image-63.png)

*Figure 5: The fake technical support page on **microsoft**-alert\[.\]club*

* **Reward scam:** A Facebook-related domain (**facebook**winners2020\[.\]com) defrauds users with rewards such as free products or money. To claim the reward, users must fill in a form with personal information such as date of birth, phone number, occupation and income.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/word-image-70.png)

* **Domain parking:** A Royal Bank of Canada-related domain (rby**royalbank**\[.\]com) uses the popular domain parking service ParkingCrew to earn revenue based on the number of users who visit the site and the ad click-through rate.

Unit 42 researchers investigated a range of cybersquatting techniques, including typosquatting, combosquatting, level-squatting, bitsquatting and homograph-squatting. Malicious actors can use these techniques to distribute malware or to run fraud and phishing campaigns.

Palo Alto Networks has developed an automated system for detecting cybersquatting, which picks up emerging squatting activity from newly registered domains and passive DNS (pDNS) data. Palo Alto Networks identifies malicious and suspicious squatting domains and assigns them to the appropriate categories, such as phishing, malware, C2 or grayware. Several Palo Alto Networks security subscriptions already provide protection against these domain categories, including [URL Filtering](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/url-filtering.html) and [DNS Security](https://www.paloaltonetworks.com/products/threat-detection-and-prevention/dns-security).

Palo Alto Networks recommends that enterprises block and closely monitor network traffic, and that consumers make sure they type domain names correctly and carefully check that the domain owner is trustworthy before entering any website. For more details on how to guard against cyberattacks, click [here](https://www.paloaltonetworks.com/blog/2020/04/network-working-from-home/).

For more details on this research, visit the [Unit 42 blog](https://unit42.paloaltonetworks.com/cybersquatting/).
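
As an added illustration (not code from Unit 42 or Palo Alto Networks, whose detection system is not shown in the post), the following sketch labels a candidate domain with the squatting technique it matches against a brand watchlist. It assumes the commonly used definitions of the five techniques, a one-label public suffix, and a small hypothetical look-alike table; the `.example` domains are constructed samples.

```python
BRANDS = ["wellsfargo", "amazon", "samsung", "microsoft", "netflix",
          "walmart", "facebook", "royalbank"]  # brand keywords named in the post
# Tiny illustrative subset of Cyrillic look-alikes (not a full confusables table).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def edit_distance(a, b):
    """Optimal-string-alignment distance (insert, delete, substitute, transpose)."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def one_bit_apart(a, b):
    """True when equal-length strings differ in one character by a single bit."""
    diffs = [ord(x) ^ ord(y) for x, y in zip(a, b) if x != y]
    return len(a) == len(b) and len(diffs) == 1 and bin(diffs[0]).count("1") == 1

def classify(domain, brands=BRANDS):
    """Return (technique, brand), or (None, None) when nothing matches."""
    labels = domain.lower().replace("[.]", ".").split(".")  # accept defanged input
    if len(labels) < 2:
        return (None, None)
    # Assumption: the public suffix is one label; production code needs a suffix list.
    sld, subdomains = labels[-2], labels[:-2]
    skeleton = "".join(CONFUSABLES.get(c, c) for c in sld)
    for brand in brands:  # near-identical look-alikes of the brand itself
        if skeleton != sld and skeleton == brand:
            return ("homograph-squatting", brand)
        if one_bit_apart(sld, brand):  # checked before typo: it is also distance 1
            return ("bitsquatting", brand)
        if edit_distance(sld, brand) == 1:
            return ("typosquatting", brand)
    for brand in brands:  # brand keyword glued to extra words
        if brand in sld and sld != brand:
            return ("combosquatting", brand)
    for brand in brands:  # brand pushed into a subdomain of an unrelated domain
        if brand in subdomains:
            return ("level-squatting", brand)
    return (None, None)

SAMPLES = [  # first three are from the post; the rest are constructed for illustration
    "secure-wellsfargo[.]org", "netflixbrazilcovid[.]com", "microsoft-alert[.]club",
    "netfilx[.]example", "amazoo[.]example", "f\u0430cebook[.]example",
    "microsoft.com.account-verify[.]example", "example[.]org"]
```

Calling `classify(s)` for each entry in `SAMPLES` shows the labels; a name such as `walrmart44` combines a typo with extra characters and is not matched by this simple one-technique check.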