Spyware and trosen horces
Transcript of Spyware and trosen horces
-
8/8/2019 Spyware and trosen horces
1/53
Spyware and Trojan HorsesComputer Security Seminar Series
[SS1]
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
-
8/8/2019 Spyware and trosen horces
2/53
Your computer could be watching yourevery move!
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Image Source - http://www.clubpmi.it/upload/servizi_marketing/images/spyware.jpg
-
8/8/2019 Spyware and trosen horces
3/53
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Introduction
-
8/8/2019 Spyware and trosen horces
4/53
Seminar Overview
Introduction to Spyware / Trojan Horses
Spyware Examples, Mechanics, Effects, Solutions
Tracking Cookies Mechanics, Effects, Solutions
Trojan Horses Mechanics, Effects, More Examples
Solutions to the problems posed
Human Factors Human interaction with Spyware
System X Having suitable avoidance mechanisms
Conclusions Including our proposals for solutions
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
-
8/8/2019 Spyware and trosen horces
5/53
Definitions
A general term for a program that surreptitiously monitors your
actions. While they are sometimes sinister, like a remote
control program used by a hacker, software companies have
been known to use Spyware to gather data about customers.
The practice is generally frowned upon.
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
An apparently useful and innocent program containing additionalhidden code which allows the unauthorized collection,
exploitation, falsification, or destruction of data.
Definition from: Texas State Library and Archives Commission - http://www.tsl.state.tx.us/ld/pubs/compsecurity/glossary.html
SPYWARE
TROJAN
HORSE
Definition from: BlackICE Internet Security Systems - http://blackice.iss.net/glossary.php
-
8/8/2019 Spyware and trosen horces
6/53
Symptoms
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Targeted Pop-ups
Slow Connection
Targeted E-Mail (Spam)
Unauthorized Access
Spam Relaying
System Crash
Program Customisation
SPYWARE
SPYWARE / TROJAN
SPYWARE
TROJAN HORSE
TROJAN HORSE
SPYWARE / TROJAN
SPYWARE
-
8/8/2019 Spyware and trosen horces
7/53
Summary of Effects
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Collection of data from your computer without consent
Execution of code without consent
Assignment of a unique code to identify you
Collection of data pertaining to your habitual use
Installation on your computer without your consent
Inability to remove the software
Performing other undesirable tasks without consent
-
8/8/2019 Spyware and trosen horces
8/53
Similarities / Differences
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware Trojan Horses
Commercially Motivated Malicious
Internet connection required Any network connection required
Initiates remote connection Receives incoming connection
Purpose: To monitor activity Purpose: To control activity
Collects data and displays pop-ups Unauthorized access and control
Legal Illegal
Not Detectable with Virus Checker Detectable with Virus Checker
Age: Relatively New (< 5 Years) Age: Relatively Old ( > 20 Years)
Memory Resident Processes
Surreptitiously installed without users consent or understanding
Creates a security vulnerability
Source Table derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.
-
8/8/2019 Spyware and trosen horces
9/53
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Spyware
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Image Source The Gator Corporation http://www.gator.com
-
8/8/2019 Spyware and trosen horces
10/53
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Software Examples
GAIN / Gator
Gator E-Wallet
Cydoor
BonziBuddy
MySearch Toolbar
DownloadWare
BrowserAid
Dogpile Toolbar
Image Sources
GAIN Logo The Gator Corporation http://www.gator.comBonziBuddy Logo Bonzi.com - http://images.bonzi.com/images/gorillatalk.gifDownloadWare Logo DownloadWare - http://www.downloadware.net
-
8/8/2019 Spyware and trosen horces
11/53
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Advantages
Precision Marketing
Relevant pop-ups are better than all of them!
You may get some useful adverts!
Useful Software
DivX Pro, IMesh, KaZaA, Winamp Pro
(Experienced) people understand what they are installing.
Enhanced Website Interaction
Targeted banner adverts
Website customisation
User Perspective - I
-
8/8/2019 Spyware and trosen horces
12/53
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Disadvantages
Browsing profiles created for users without consent
Used for target marketing and statistical analysis
Unable to remove Spyware programs or disable them
Increased number of misleading / inappropriate pop-ups
Invasion of user privacy (hidden from user)
Often badly written programs corrupt user system
Automatically provides unwanted helpful tools
20 million+ people have Spyware on their machines.
Source - Dec 02 GartnerG2 ReportUser Perspective - II
-
8/8/2019 Spyware and trosen horces
13/53
Example Pop-up
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Misleading Pop-up
User Perspective - III
Image Source Browser Cleanser Directed pop-up from http://www.browsercleanser.com/
-
8/8/2019 Spyware and trosen horces
14/53
Network Overview
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Technical Analysis - I
Push
Advertising
Pull
Tracking
Personal data
Image Source Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.
-
8/8/2019 Spyware and trosen horces
15/53
Client-Side Operation
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Technical Analysis - II
Image Source Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.
-
8/8/2019 Spyware and trosen horces
16/53
Server-Side Operation
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Technical Analysis - III
Server-side operation is relatively unknown. However, if
we were to develop such a system, it would contain
Image Source Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.
-
8/8/2019 Spyware and trosen horces
17/53
Spyware Defence
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Technical Initiatives...
Spyware Removal Programs
Pop-up Blockers Firewall Technology
Disable ActiveX Controls
Not Sandboxed
E-Mail Filters
Download Patches
User Initiatives
Issue Awareness
Use Legitimate S/W Sources Improved Technical Ability
Choice of Browser
Choice of OS
Legal action taken against
breaches of privacy
Oct 02 Doubleclick
-
8/8/2019 Spyware and trosen horces
18/53
GAIN Case Study
Installed IMesh, which includes Gator Installation
We accessed multiple internet sites
We simultaneously analyzed network traffic (using IRIS)
We found the packets of data being sent to GAIN
Packets were encrypted and we could not decrypt them
See Example ->
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
-
8/8/2019 Spyware and trosen horces
19/53
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Image Source Screenshot of IRIS v3.7 Network Analyser Professional Networks Ltd. See http://www.pnltools.com.
-
8/8/2019 Spyware and trosen horces
20/53
Spyware Removers
Ad-aware (by Lavasoft)
Reverse Engineer Spyware
Scans Memory, Registry and Hard Drive for Data Mining components
Aggressive advertising components
Tracking components
Updates from Lavasoft
Plug-ins available
Extra file information
Disable Windows Messenger Service
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Image Source Screenshot of Ad-aware 6.0. LavaSoft. See http://www.lavasoft.com
-
8/8/2019 Spyware and trosen horces
21/53
Vulnerable Systems
Those with an internet connection!
Microsoft Windows 9x/Me/NT/2000/XP Does not affect Open Source OSs
Non - fire-walled systems
Internet Explorer, executes ActiveX plug-ins
Other browsers not affected
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
S d T j H C t S it S i 12th F b 2004
-
8/8/2019 Spyware and trosen horces
22/53
Tracking Cookies
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
S d T j H C t S it S i 12th F b 2004
-
8/8/2019 Spyware and trosen horces
23/53
Cookies
A Cookie is a small text file sent to the user from a website.
Contains Website visited
Provides client-side personalisation
Supports easy Login
Cookies are controlled by
Websites Application Server
Client-side Java Script
The website is effectively able to remember the user and their
activity on previous visits.
Spyware companies working with websites are able to use this
relatively innocent technology to deliver targeted REAL TIME
marketing, based on cookies and profiles.
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Sp a e and T ojan Ho ses Comp te Sec it Semina 12th Feb a 2004
-
8/8/2019 Spyware and trosen horces
24/53
Case Study - DoubleClick
Most regular web users will have a doubleclick.net cookie.
Affiliated sites request the DoubleClick cookie on the users
computer. The site then sends
Who you are
All other information in your cookie file
In return for All available marketing information on you - collected from other
affiliated sites which the you have hit.
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
25/53
Case Study DoubleClick
Site targets banner adverts, e-mails and pop-ups to the
user.
If the user visits an affiliated site without a DoubleClick
cookie, then one is sent to the user.
The whole process is opaque to the user and occurs
without their consent.
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
26/53
Tracking Cookie Implementation
Protocol designed to only allow the domain who created a cookie to
access it.
IE has a number of security holes
Up to IE 5, domain names specified incorrectly.
Up to IE 6, able to fool IE into believing it is in another domain.
Patches and IE 6 solved a number of problems
Since then, tracking cookies are still proving a large problem, thereare still a number of holes still open.
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
27/53
Tracking Cookie Implementation
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.ukImage Source Image produced by Andrew Brown, Tim Cocks and Kumutha Swampillai; partially inspired by a diagram from [16].
-
8/8/2019 Spyware and trosen horces
28/53
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
29/53
Spyware and Trojan Horses Computer Security Seminar 12 February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Trojan Horses
-
8/8/2019 Spyware and trosen horces
30/53
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
31/53
Installation
Spyware and Trojan Horses Computer Security Seminar 12 February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Certificate Authority
Misleading Certificate
Description
Who is trusted?
Image Source Screenshot of MicrosoftInternet Explorer 6 security warning, priorto the installation of an ActiveX Controlfrom Roings.
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
32/53
Effects
Allows remote access
To spy
To disrupt
To relay a malicious connection, so as to disguise the
attackers location (spam, hacking)
To access resources (i.e. bandwidth, files) To launch a DDoS attack
Spyware and Trojan Horses Computer Security Seminar 12 February 2004
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
33/53
Operation
Listen for connections
Memory resident
Start at boot-up
Disguise presence
Rootkits integrate with kernel Password Protected
py j p y y
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
34/53
Example: Back Orifice
Back Orifice
Produced by the Cult of the Dead Cow
Win95/98 is vulnerable
Toast of DefCon 6
Similar operation to NetBus Name similar to MS Product of the time
py j p y y
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
35/53
BO: Protocol
Modular authentication
Modular encryption
AES and CAST-256 modules available
UDP or TCP
Variable port
Avoids most firewalls
IP Notification via. ICQ
Dynamic IP addressing not a problem
py j p y y
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
36/53
BO: Protocol Example (1)
Attacker Victim
ICQ SERVER
CONNECTION
TROJAN
IP ADDRESS
AND PORT
IP ADDRESS
AND PORT
INFECTION OCCURS
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Image Source Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
37/53
BO: Protocol Example (2)
Attacker
CONNECTION
COMMAND
COMMAND EXECUTED
REQUEST FOR INFORMATION
INFORMATION
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Victim
Image Source Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
38/53
BO: Protocol Example (3)
Attacker
CLEANUP COMMAND
EVIDENCE DESTROYED
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Victim
Image Source Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
39/53
Trojan Horse Examples
M$ Rootkit
Integrates with the NT kernel
Very dangerous
Virtually undetectable once installed
Hides from administrator as well as user
Private TCP/IP stack (LAN only)
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
40/53
Trojan Horse Examples
iSpyNOW
Commercial
Web-based client
Assassin Trojan
Custom builds may be purchased
These are not found by virus scanners
Firewall circumvention technology
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
41/53
Trojan Horse Examples
Hardware
Key loggers
More advanced?
Magic Lantern
FBI developed
Legal grey area (until recently!)
Split virus checking world
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
42/53
Demonstration
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
43/53
Vulnerable Systems
DANGEROUS
Number of trojans in common use
RELATIVELY SAFELinu
x/Unix
Win
9x
MacOS
WinNT
Mac
OS
X
WinNT refers to Windows NT 4, 2000, XP and Server 2003.Win9x refers to Windows 95, 95SE, 98 and ME.Information Source: McAfee Security - http://us.mcafee.com/
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Image Source Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
44/53
Vulnerable Systems
DANGEROUS
Ease of compromise
RELATIVELY SAFEWin
9x
Linu
x/U
n ix
WinNT
Mac
OS
Mac
OS
X
WinNT refers to Windows NT 4, 2000, XP and Server 2003.Win9x refers to Windows 95, 95SE, 98 and ME.Information Source: McAfee Security - http://us.mcafee.com/
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Image Source Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
45/53
Conclusions
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
46/53
Security Implications
Divulge personal data
Backdoors into system
System corruption
Disruption / Irritation
Aids identity theft
Easy virus distribution
Increased spam
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Mass data collection
Consequences unknown
Web becomes unusable
Web cons outweigh pros
Cost of preventions
More development work
More IP addresses (IPv6)
Short Term Long Term
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
47/53
Solutions
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Firewall
Virus Checker
Spyware Remover
Frequent OS updates
Frequent back-up
Learning problems
Add Spyware to Anti-Virus
Automatic maintenance
Legislation
Education on problems
Biometric access
Semantic web (and search)
Short Term Long Term
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
48/53
Firewalls
3 Types
Packet Filtering Examines attributes of packet.
Application Layer Hides the network by impersonating theserver (proxy).
Stateful Inspection Examines both the state and context of the
packets.
Regardless of type; must be configured to work properly. Access rules must be defined and entered into firewall.
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Network / Internet
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
49/53
Web Server Firewall
http - tcp 80
telnet - tcp 23
ftp - tcp 21
http - tcp 80
Allow only http - tcp 80
Firewalls
Internet
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Network / Internet
PC Firewall
202.52.222.10: 80
192.168.0.10 : 1020
Only allow reply packets for requests madeoutBlock other unregistered traffic
202.52.222.10: 80
192.168.0.10 :1020
InternetP a c k e t F i l te ri ng
S ta te f u l I nsp e c ti o n
Image Source Image produced by Andrew Brown, Tim Cocks and Kumutha Swampillai; partially inspired by a diagram from [4].
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
50/53
Intrusion Detection Systems
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Network
PC
Server
Server
IDSFirewallSwitch
Intrusion Detection A Commercial Network Solution
An Intelligent Firewall monitors accesses for suspicious activity
Neural Networks trained by Backpropagation on Usage Data
Could detect Trojan Horse attack, but not designed for Spyware
Put the IDS in front of the firewall to get maximum detection
In a switched network, put IDS on a mirrored port to get all traffic.
Ensure all network traffic passes through the IDS host.
Internet
Image Source Image produced by Andrew Brown, Tim Cocks and Kumutha Swampillai; partially inspired by a diagram from [4].
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
51/53
System X
Composed of
Open Source OS
Mozilla / Opera / Lynx (!) Browser (Not IE)
Stateful Inspection Firewall
Anti-Virus Software
Careful and educated user
Secure permissions system
Regularly updated (possibly automatically)
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Network / Internet / Standalone
Spyware and Trojan Horses Computer Security Seminar 12th February 2004
-
8/8/2019 Spyware and trosen horces
52/53
Questions
Andrew Brown, Tim Cocks and Kumutha Swampillai http://birmingham.f9.co.uk
Image Source Penny Arcade - http://www.penny-arcade.com/view.php3?date=2002-07-19&res=l
-
8/8/2019 Spyware and trosen horces
53/53