Your SlideShare is downloading. ×
0
Phishing: a Case for Information Sharing
Gary Warner
Director of Research
in Computer Forensics
Some Phishing Numbers
2
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
New Phish...
UAB Computer Forensics
Research Laboratory
The goal of our research lab is to address
this type of disparity in three ways...
Cybercrime Scholars
4
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
Since 2007 ...
Cybercrime Research
Our 35-workstation lab is divided into three areas:
- Spam & Phishing Lab
- Malware & Forensics Lab
- ...
Big Computers for Big Evidence
6
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
...
UAB’s Phishing Process
7
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
From “Re...
Typical Phishing Site
8
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
Here’s a ...
Not all criminals are the same
–
9
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 201...
Patterns
10
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
0
10
20
30
40
50
60
7...
Patterns
11
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
Just because a site
c...
Patterns
– In that example, the criminal has created an
unfortunate “signature” for himself.
– He sampled the real bank’s ...
Which Phishing Group
is your priority?
13
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingh...
UAB PhishIntel for BBVA
14
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
A live phish . . .
15
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
Asks for our password
16
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
Asks for our Security Questions
17
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
Then sends us to Real Bank site
In the BBVA Compass log files
there will be a ‘referrer tag’
telling us that the customer ...
Seven Steps of
a Phishing Investigation
• Spam Analysis
• Site Analysis
• Kit Analysis
• Phish Clustering
• Log Analysis
•...
Automated Kit Extraction
– Here’s an example of how the email addresses found
in kits are useful.
– Today we had two Bank ...
Sometimes we learn their email
addresses
In this example:
pijudito@yahoo.com.ar
chanetonjorge@yahoo.co
m.ar
platitacash@gm...
UAB PhishIntel
22
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
In this example...
PhishIntel email report
The email report proves that this email address,
luisfeolivo@hotmail.com
Was also used on the webs...
1 phisher – 49 sites
• Using this technique, last week we discovered a
phisher using the emails nasfat2011@blumail.org
and...
Information Sharing
• How would any of those banks know that
another bank was investigating this criminal?
25
Phishing: A ...
Turnkeyconcepts.com
26
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
The “Kit” for the phish
27
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
Hidden in each of his
kits is a backdoor.
28
Phishing: A Case for Information Sharing
© The University of Alabama at Birmi...
Open Source Intelligence
– The Kit reveals that it’s author was:
• shady-flow@live.fr
– shady-islam, on the Arabic languag...
Open Source Intelligence
30
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
Here’...
UAB Spam Data Mine
– Since we also have the UAB Spam Data Mine, we can
search for a copy of the email that sent this phish...
Copy of the email from the
UAB Spam Data Mine
Security Precaution,
For optimal viewing of the Bank of America Web site, we...
“Free” backdoored web kits
33
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
The...
Chase kit “Action” file
The downloader of the kit is instructed
that the only thing he has to do is update
the “$send” var...
A Mister Brain example
35
Phishing: A Case for Information Sharing
© The University of Alabama at Birmingham, 2011
Some Success –
but still a drop in the bucket
36
Phishing: A Case for Information Sharing
© The University of Alabama at B...
Very Organized Crime:
Operation Phish Phry
37
Phishing: A Case for Information Sharing
© The University of Alabama at Birm...
Brand Impact varies widely
(2011 to date numbers)
# of brands seen # of sites seen
3 5000+ sites
12 1000-4999 sites
59 100...
Zeus
– Zeus is a “keylogging” botnet responsible for stealing
many millions of userids and passwords last year.
– Zeus can...
Zeus Arrests
– While some criminals who use Zeus were arrested last
year in the USA, United Kingdom, and Ukraine, many
peo...
Zeus & Information Sharing
– In the same way that one criminal attacks many banks
with phishing, one criminal also can att...
Zeus Action Example
– Here is one we decoded last summer:
• +++++++++++++++++++++++++++++++++++++++++++++++++
• Target URL...
Zeus Action Example
In that configuration file were found 176 different
banking websites.
Unless they also decrypted the c...
APWG –
the Anti-Phishing Working Group
That is one of the purposes of the Anti-Phishing Working
Group. The APWG exists to ...
APWG –
the Anti-Phishing Working Group
In addition to sharing between members, the
APWG encourages the reporting of new ph...
APWG –
the Anti-Phishing Working Group
http://www.antiphishing.org/
For more details about meetings, and how to join.
46
P...
Working with UAB
At UAB, we also work closely with many banks,
and with law enforcement. We provide
information for free t...
Working with UAB
UAB is also always looking for students. We offer a
Masters degree in “Computer Forensics and Security
Ma...
We Want To Help
Gary Warner
Director of Research in Computer Forensics
A Research Partnership between
The University of Al...
Upcoming SlideShare
Loading in...5
×

Grupo de Trabajo Anti-Phising // Anti Phising Working Group

936

Published on

Ponencia de Gary Warner. Director de Investigación en Informática Forense. Universidad de Alabama en Birmingham.
Presentation by Gary Warner. Director of Research in Computer Forensics. The University of Alabama at Birmingham.

Curso de Verano / Summer Course CIGTR/URJC 2011

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
936
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Grupo de Trabajo Anti-Phising // Anti Phising Working Group"

  1. 1. Phishing: a Case for Information Sharing Gary Warner Director of Research in Computer Forensics
  2. 2. Some Phishing Numbers 2 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 New Phish First Date Seen 616 2011-06-01 647 2011-06-02 429 2011-06-03 340 2011-06-04 377 2011-06-05 752 2011-06-06 681 2011-06-07 742 2011-06-08 569 2011-06-09 485 2011-06-10 271 2011-06-11 360 2011-06-12 674 2011-06-13 In the month of May 2011 the UAB Phishing Intelligence system gathered evidence on 16,351 distinct phishing sites imitating 218 different financial institutions or brands. In 2011 we’ve seen 85,797 distinct phishing URLs imitating 373 different financial institutions or brands. We believe that less than 1% of these cases of computer intrusion for purposes of financial and identity theft are investigated as a crime. In other words, for 99% of these criminals, Crime Pays.
  3. 3. UAB Computer Forensics Research Laboratory The goal of our research lab is to address this type of disparity in three ways: 3 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 #1 – training tomorrow’s cybercrime fighters #2 – providing better tools to law enforcement and investigative support for complex crimes #3 – educating the public about cyber threats and how to respond to them
  4. 4. Cybercrime Scholars 4 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 Since 2007 we have offered graduated students in Computer & Information Sciences or Justice Sciences a “Certificate in Digital Forensics” Since 2010, undergraduates choosing a major/minor in Computer Science and Criminal Justice could apply for the “Internet Identity Scholarship”. This year four students will have their full tuition paid from a pool of more than twenty applicants. Beginning in 2011, we also offer a Masters in Computer Forensics & Security Management (MS-CFSM). We strongly support the APWG “eCrime Researchers Summit” to encourage other academics to pursue cybercrime studies.
  5. 5. Cybercrime Research Our 35-workstation lab is divided into three areas: - Spam & Phishing Lab - Malware & Forensics Lab - Investigators Bullpen The spam & phishing lab provides access to more than 500 million spam email messages in the UAB Spam Data Mine and to the UAB PhishIntel system. More than 200 investigators have accounts to PhishIntel today. The malware & forensics lab supports local, federal, and international law enforcement on cases involving malware or complex data environments. 5 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  6. 6. Big Computers for Big Evidence 6 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 This is a picture of the “Rushmore” cluster 16 Pentium cores on 14 servers = 224 processors dedicated to analyzing cybercrime data Sharing investigative data with agencies such as: - Alabama Bureau of Investigation - FBI Cyber - DHS’s ICE (Immigration and Customs) - Drug Enforcement Agencies “Pharm & Chem Internet Investigations” team - Germany’s BKA (Bundes Kriminal Amt) - Netherlands High Tech Crimes Unit -UK’s Serious & Organised Crime Agency
  7. 7. UAB’s Phishing Process 7 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 From “Reeling in Big Phish with a Deep MD5 Net” by UAB’s Wardman, Warner, Turner & McCalley
  8. 8. Typical Phishing Site 8 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 Here’s a typical phishing site. This one is hosted on “violinocaffe.com”, a website that has been hacked by the phisher. After hacking the server, the criminal uploads his “phishing kit” and unpacks it to create this website on that server.
  9. 9. Not all criminals are the same – 9 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 Without additional data, you do not know which phishing site was created by a twelve year old as a prank and which are being run by million dollar crime syndicates
  10. 10. Patterns 10 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 0 10 20 30 40 50 60 70 Victims Per Site Victims Per Site If we agree that some sites have more victims than others, how could we determine this? How will this impact our behavior?
  11. 11. Patterns 11 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 Just because a site captured the most userids and passwords does not mean it is responsible for the greatest financial losses. How could we tie losses to sites?
  12. 12. Patterns – In that example, the criminal has created an unfortunate “signature” for himself. – He sampled the real bank’s website during “Black History Month”. – Only one criminal group was doing this. We used that information to justify a search. 12 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  13. 13. Which Phishing Group is your priority? 13 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  14. 14. UAB PhishIntel for BBVA 14 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  15. 15. A live phish . . . 15 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  16. 16. Asks for our password 16 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  17. 17. Asks for our Security Questions 17 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  18. 18. Then sends us to Real Bank site In the BBVA Compass log files there will be a ‘referrer tag’ telling us that the customer who has just arrived at our website came from “mojaishrana.info” This will help us identify customers who may have become victims, and to also measure the impact of this particular phish. 18 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  19. 19. Seven Steps of a Phishing Investigation • Spam Analysis • Site Analysis • Kit Analysis • Phish Clustering • Log Analysis • Search Warrant Analysis • Open Source Intelligence 19 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 UAB offers training to law enforcement and corporate investigators on the topic of phishing, based on our “Seven Steps of a Phishing Investigation” methology. We won’t go into deep detail here, as its intended as an all-day class. . . .
  20. 20. Automated Kit Extraction – Here’s an example of how the email addresses found in kits are useful. – Today we had two Bank of America phishing sites that both contained the same “drop email address” – the email account to which the stolen credentials are sent. 20 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  21. 21. Sometimes we learn their email addresses In this example: pijudito@yahoo.com.ar chanetonjorge@yahoo.co m.ar platitacash@gmail.com luisfeolivo@hotmail.com All receive the stolen credentials by email. 21 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  22. 22. UAB PhishIntel 22 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 In this example, tonijuve123@gmail.com has been found in eight different Paypal phishing sites dating back to March 12th and ranging up to June 14th.
  23. 23. PhishIntel email report The email report proves that this email address, luisfeolivo@hotmail.com Was also used on the websites: Designhotelbarcelona.com Mirorestobar.com.uy Raioreformaseoye.com Inequal.com Poderciudadano.com.ar Adonaimiami.com Yamburara.com Dustproductions.se Three of those were BBVA phish, but six others were Santander phish. 23 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  24. 24. 1 phisher – 49 sites • Using this technique, last week we discovered a phisher using the emails nasfat2011@blumail.org and nasfat2011@gmail.com has successfully used 49 phishing sites from May 15 to June 28th. • 4 Bank of America, 1 Egg Bank, 1 Halifax, 3 HSBC, 1 M&T, 5 Regions Bank, 2 Royal Bank of Canada, 6 Santander, 3 US Bank and 22 sites against the British Tax authority, Her Majesty’s Revenue Collection Service. 24 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  25. 25. Information Sharing • How would any of those banks know that another bank was investigating this criminal? 25 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  26. 26. Turnkeyconcepts.com 26 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  27. 27. The “Kit” for the phish 27 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  28. 28. Hidden in each of his kits is a backdoor. 28 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 See the line that has “eval(base64_decode”? When we base64 Decode that blob of text, we find the hidden email address: f9ih.carlos@gmail.com So, while today’s copy of this phishing kit sends its stolen credentials to legendaryzones@gmail.com It secretly ALSO sends the stolen data to “f9ih.carlos” which is an alias for “shady- flow”. We’ve seen this 30 times so far this year.
  29. 29. Open Source Intelligence – The Kit reveals that it’s author was: • shady-flow@live.fr – shady-islam, on the Arabic language hacker website “arhack.net” also uses that email as his MSN chat handle according to his signature. – Shady-islam signs all of his emails with an anti-Israeli statement about the Jewish oppressors killing apostles and prophets and ending with: – ‫العزة‬ ‫و‬ ‫الجالل‬ ‫ذا‬ ‫يا‬ ‫غزة‬ ‫فى‬ ‫المسلمين‬ ‫حرر‬ ‫اللهم‬ – “Oh God, Lord of Might and Glory, free the Muslims of Gaza” 29 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  30. 30. Open Source Intelligence 30 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 Here’s Shady-Flow’s Facebook page, where he reveals that he works as a DJ at “FL Studio” in Casablanca, Morocco since February of 2007. His high school must have been pretty interesting, as it was named “Hacking world.”
  31. 31. UAB Spam Data Mine – Since we also have the UAB Spam Data Mine, we can search for a copy of the email that sent this phish: – select * from spam_link natural join spam where receiving_date = '2011-06-13' and machine = 'www.turnkeyconcepts.com'; – iid.11Jun13.0645.5834 | www.turnkeyconcepts.com | /Testimonials_files/Bankofamerica.com/Boa/index.ht ml | Bank Of America Alert: You have 1 new Security Message. | Bank Of America N/A | alert.security | bofa.com | 212.5.219.68/32 | 2011-06-13 | | Jun-13-2011 | 31 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  32. 32. Copy of the email from the UAB Spam Data Mine Security Precaution, For optimal viewing of the Bank of America Web site, we recommend that you enable CSS. We at Bank Of America work hard to ensure the security of our clients, In carrying out our responsibility, We recently had cause to suspect that there has been attempts to log into your account, There were multiple password failures during the course of the illegal attempt to log into your account. Though the attempts were unsuccesful We need you to re-confirm your account information by filling in your precise and current account information. If this is not completed within the next 8hrs, we will be forced to suspend your account indefinitely. To re-confirm, Please Sign on and verify your identity: Sign On Bank Of America helps you to plan your financial future. Thank you for helping us protect your account Sincerely, Bankofamerica.com Security Advisor =================== The words "Sign On" are a link to the phishing website: http://www.turnkeyconcepts.com/Testimonials_files/Bankofamerica.com/Boa/index.html 32 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  33. 33. “Free” backdoored web kits 33 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 These “free” kits contain back doors that cause the users of the kits to actually also send all stolen credentials to the Kit Creators. Collectively these are known as “Mister Brain Kits” after the most prevalent group doing these scams out of Morocco.
  34. 34. Chase kit “Action” file The downloader of the kit is instructed that the only thing he has to do is update the “$send” variable in this action file with his own email address. He misses the “include” statement at the top. The included file populates a new variable “$IP” with the kit authors email address bestscam@gmail.com The “send array” at the bottom makes sure that BOTH emails get the stolen data. 34 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  35. 35. A Mister Brain example 35 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  36. 36. Some Success – but still a drop in the bucket 36 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 36 Recently Romanian authorities, working on tips developed with the FBI’s Internet Crime & Complaint Center, arrested 70 hackers The FBI’s Legal Attache to Romania says cyber criminals in that country steal “hundreds of millions of dollars each year” from North Americans.
  37. 37. Very Organized Crime: Operation Phish Phry 37 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011 32 Indictments in an example of a US-based organized crime phishing group
  38. 38. Brand Impact varies widely (2011 to date numbers) # of brands seen # of sites seen 3 5000+ sites 12 1000-4999 sites 59 100-999 sites 41 25-99 sites 45 10-24 sites 46 5-9 sites 73 2-4 sites 96 1 site 38 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  39. 39. Zeus – Zeus is a “keylogging” botnet responsible for stealing many millions of userids and passwords last year. – Zeus can also use infected computers for remote control. – This means they can log in to your bank from your customer’s computer, using the correct userid, password, cookie file, browser, IP address and computer. 39 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  40. 40. Zeus Arrests – While some criminals who use Zeus were arrested last year in the USA, United Kingdom, and Ukraine, many people have the source code and many criminals are using this botnet software. – To learn more about the Zeus arrests, read about “Operation Trident BreACH” from the FBI 40 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  41. 41. Zeus & Information Sharing – In the same way that one criminal attacks many banks with phishing, one criminal also can attack many banks with malware. – Zeus contains an encrypted “configuration file” that contains a list of URLs. If the user visits any of those URLs, special actions may occur. 41 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  42. 42. Zeus Action Example – Here is one we decoded last summer: • +++++++++++++++++++++++++++++++++++++++++++++++++ • Target URL: https://www.bbvacompass.com/contact/ • field 1: <head> • field 2: </body> • field 3: <title>Tresury Management wesite is currently unavailable</title></head><body><center><img src="https://e- access.compassbank.com/bbw/brandimage/Login1?t=4" alt=""><br>Due to system maintenance, online Treasury Management will be unavailable for 24 hours. Please try to access this page at a later point or if you have any questions contact our technical support at 1-858-633-0539.</center> • ++++++++++++++++++++++++++++++++++++++++++++++++ – In this example, the displayed web page replaces the “Contact Us” link with a message saying to call a telephone number controlled by the criminal instead. 42 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  43. 43. Zeus Action Example In that configuration file were found 176 different banking websites. Unless they also decrypted the config file, none of those banks are aware that they are being targeted by the same criminal. 43 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  44. 44. APWG – the Anti-Phishing Working Group That is one of the purposes of the Anti-Phishing Working Group. The APWG exists to help banks that are being victimized by cybercriminals share information. In April, the APWG “Counter-eCrime Operations Summit” is for technical sharing between the members of the group who work on defending banks. In 2011 this meeting was in Malaysia. In 2010 it was in Sao Paulo, Brazil In November, the APWG General Meeting is held with the “eCrime Researchers Summit” is a meeting where we encourage University scientists and researchers to work on problems to build better technology to fight cybercrime. 44 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  45. 45. APWG – the Anti-Phishing Working Group In addition to sharing between members, the APWG encourages the reporting of new phishing sites so they may be shared with all members. We also work actively with Law Enforcement. I am the co-chair of the “Working with Law Enforcement” committee, and we look forward to working more closely with law enforcement around the world. 45 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  46. 46. APWG – the Anti-Phishing Working Group http://www.antiphishing.org/ For more details about meetings, and how to join. 46 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  47. 47. Working with UAB At UAB, we also work closely with many banks, and with law enforcement. We provide information for free to law enforcement. We encourage banks to support our research through sponsorship, or by becoming a partner in our Center for Information Assurance and Joint Forensics Research. 47 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  48. 48. Working with UAB UAB is also always looking for students. We offer a Masters degree in “Computer Forensics and Security Management” We also are always looking for Computer Science students to seek our PhD or Masters Degree. We do have a Spanish-speaking faculty member, Dr. Thamar Solorio, who would be happy to serve as point of contact for potential PhD students from Spain and other countries represented today. Thamar specializes in Natural Language Processing and Artificial Intelligence, and works very closely with the UAB Computer Forensics Research Laboratory. 48 Phishing: A Case for Information Sharing © The University of Alabama at Birmingham, 2011
  49. 49. We Want To Help Gary Warner Director of Research in Computer Forensics A Research Partnership between The University of Alabama at Birmingham’s Department of Computer & Information Sciences & Department of Justice Sciences gar@uab.edu +1.205.422.2113 For PhD student recruiting Dr. Thamar Solorio solorio@cis.uab.edu Website: www.cis.uab.edu/forensics/ Blog: garwarner.blogspot.com Spam as Evidence © The University of Alabama at Birmingham, 2011 49
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×