Cybercriminals Encrypt Your Files, Demand $100 Ransom to Decrypt

October 29, 2009

This year has seen the escalation of many existing types of online crime and the introduction of entirely new exploits – including extortion – as criminals push into micro-payment revenue models and further diversify their revenue streams.
The most recent example of this is the LoroBot ransomware, which encrypts files with popular extensions on the user’s computer and then demands $100 for the decryption software.

If your computer becomes infected with LoroBot, you may find yourself unable to open your documents, spreadsheets, photos, PDFs and other common file types and instead see a ransom note informing you that your files have been held hostage (Image from ZDNet).


According to researchers from CA who found the ransomware, this particular bot appears to be mostly a bluff, but it demonstrates a new tactic in the ransomware arena which to date had focused primarily on locking users out of their computers entirely.

As the price to obtain ransomware continues to drop in underground markets (the average price is between $15 and $30), more cybercriminals will leverage these tools – and drive the demand for more exploitive innovation in this area.

Read the full article, New LoroBot ransomware encrypts files, demands $100 for decryption, on ZDNet.


Techniques Used By Fraudsters On Social Networking Sites

October 20, 2009

Repost: Originally posted and prepared by the Internet Crime Complaint Center (IC3)

Fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques.

  • One technique involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue, which needs to be resolved.
  • Other spam entices users to download an application or view a video.
  • Some spam appears to be sent from users’ “friends”, giving the perception of being legitimate. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected.
  • Another technique used by fraudsters involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software.
  • Other malicious software gives the fraudsters access to your profile and personal information. These programs will automatically send messages to your “friends” list, instructing them to download the new application too.

Infected users are often unknowingly spreading additional malware by having infected Web sites posted on their Webpage without their knowledge. Friends are then more apt to click on these sites since they appear to be endorsed by their contacts.

Tips on avoiding these tactics:

  • Adjust Web site privacy settings. Some networking sites have provided useful options to assist in adjusting these settings to help protect your identity.
  • Be selective of your friends. Once selected, your “friends” can access any information marked as “viewable by all friends.”
  • You can select those who have “limited” access to your profile. This is for those whom you do not wish to give full friend status to or with whom you feel uncomfortable sharing personal information.
  • Disable options and then open them one by one such as texting and photo sharing capabilities. Users should consider how they want to use the social networking site.
  • If it is only to keep in touch with people then perhaps it would be better to turn off the extra options which will not be used.
  • Be careful what you click on. Just because someone posts a link or video to their “wall” does not mean it is safe.

Those interested in becoming a user of a social networking site and/or current users are recommended to familiarize themselves with the site’s policies and procedures before encountering such a problem.

Each social networking site may have different procedures on how to handle a hijacked or infected account; therefore, you may want to reference their help or FAQ page for instructions.

Individuals who experienced such incidents are encouraged to file a complaint at www.IC3.gov reporting the incident.

Linda


Stay Safer – Place a Security Freeze on Your Credit

October 16, 2009

Criminals use stolen IDs to open new lines of credit. You can thwart their efforts to use your identity by simply freezing your credit. Many states have laws giving you this right, but even where states don’t provide legal mandates, the large credit bureaus provide a voluntary security freeze program.

To determine whether there are any costs associated with placing a security freeze on your credit, and for temporarily lifting that credit freeze when you do seek credit, see State Freeze Requirements and Fees. For example, in Washington state, those who have been victims of ID theft can freeze their credit, and temporarily lift the freeze, for free. It costs just $10 for anyone else under the age of 65.


Plan ahead when you do want to apply for new credit, as it may take up to 3 days to process your request for a temporary lift of the security freeze. (A freeze limits the credit bureaus from disclosing your credit score to third parties except in those cases where you specifically contact a credit bureau like Equifax and request that they temporarily lift the security freeze.) It may take longer if you have lost the security freeze confirmation number which the credit bureau provided.

Click here to learn more about placing a Security Freeze through Equifax on your credit file.

Linda


UN Experts Say Online Child Pornography Has Increased; Some 750,000 pedophiles prowling Internet

October 10, 2009

New statistics cited by Najat M’jid Maalla, the United Nations’ investigator for the sale of children, outlined an increasingly bleak picture on the exploitation of children online.

Among their findings:

  1. Child prostitution and child pornography found on the Internet has increased, with over four million sites exploiting children, including those of children aged under two years.
  2. “The number of sites devoted to child pornography worldwide is growing. The number of predators connected to the Internet at any one time is estimated to be 750,000.
  3. More than 200 new images are also circulated daily; the production and distribution of child pornographic images rakes in between 3 and 20 billion dollars (2.04 and 13.62 billion euros) a year.
  4. Images of sexually exploited children are not only growing in number but are also increasingly shocking. The number of images showing serious exploitation quadrupled between 2003 and 2007, showing abject images of brutal rape, bondage, oral sex and other forms of debasement.
  5. The UN estimates that between 10,000 and 100,000 minors are victims of the child pornography network.

The methodology of this UN report and the statistics cited will unquestionably be challenged. Some will point to age of consent issues, others will challenge the wide spread of estimates given both for the revenue and number of victims as being too far apart to be meaningful.

Don’t let the squabbling obfuscate the stark reality that the ease of access to images of child sexual abuse is increasing, the number of sites offering the images is increasing, and the number of children forced into sexual slavery is increasing.

To learn more about these issues and how you can help, see my blog Child Trafficking and the Internet.

Linda


Soldiers Personal Data Still Leaking Online

October 4, 2009

Washington Post - Soldiers Personal Data Still Leaking Online

Sensitive personal data – including Social Security numbers, blood types, cellphone numbers, e-mail addresses, and the names of soldiers’ spouses and children – belonging to tens of thousands of U.S. soldiers continues to be compromised via P2P networks. As recently as this week computer users in countries like Pakistan and China have downloaded this information according to Tiversa, a company specializing in P2P intelligence.

According to the Washington Post, Tiversa saw personally identifiable data on Special Forces soldiers on servers in Pakistan in May and notified military criminal investigators. This isn’t the first breach; in April 2008, Tiversa found spreadsheets of Army promotions with personal data of 60,000 soldiers, as well as data on several thousand civilians and soldiers from the 1st Signal Brigade, and information about soldiers in the 3rd Special Forces Group.

The Army’s Special Operations Command confirmed that data was breached, but insisted it was an isolated incident, that those involved in the breach had been punished, and that they now have measures in place to reduce the chances of a breach happening again.

Robert Boback, chief executive of Tiversa, said such precautions are not sufficient safeguards. “Every company, agency and defense contractor will say that they have a policy against P2P on company-owned equipment and blocking, usually through intrusion detection,” he said. “The fact remains that these documents are still going out.”

Given the tremendous sacrifice our soldiers are making to protect the safety of others, it is a sad reflection on the state of Internet (in)security that we are unable to defend our own troops.

Read the full article from the Washington Post here

Linda


“Unprecedented State of Web Insecurity” Says New IBM Report

September 15, 2009

“There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity,” said IBM’s X-Force Director Kris Lamb in a new and sobering report.

“Two of the major themes for the first half of 2009 are the increase in sites hosting malware and the doubling of obfuscated Web attacks,” Lamb said. “The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users.” “The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West where no one is to be trusted.”

The data behind these conclusions is stark:

  • The number of new malicious Web links discovered in the first half of 2009 increased by 508%
  • The presence of malicious content on trusted sites has increased, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites.
  • Web application attacks with the intent to steal and manipulate data and take command and control of infected computers have risen significantly.
  • There were 3,240 new vulnerabilities discovered in the first half of 2009, yet 49% of all vulnerabilities disclosed in the first half of 2009 had no vendor-supplied patch at the end of the period.
  • Known PDF vulnerabilities in the first half of 2009 already surpass disclosures from all of 2008.
  • Trojans account for more than half of all new malware with a nine percent increase over the first half of 2008. Information-stealing Trojans (see bottom of article for definition of Trojans) are the most prevalent malware category.
    • A similar survey, by BitDefender, measuring malicious attacks between January and June 2009 found that Trojan-type malware now accounts for 83% of the global malware detected in the wild.
  • Phishing has decreased dramatically. Analysts believe that banking Trojans are taking the place of phishing attacks geared toward financial targets.

What this means to you

In spite of the serious threats and stark warning, the answer isn’t to unplug your computer and head for the hills. Instead, it is essential that you make sure your computers and internet connections are secure with proactive protection software that automatically updates; that you use strong, unique passwords and keep them private; and that you learn to avoid socially engineered exploits. It also means that every family member and/or anyone else who uses your computer(s) follows the same security rigor.

  1. Secure your computer. If your computer isn’t protected from Trojans, viruses and other malware your financial information and passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use one of the excellent free services.
  2. Secure your Internet connection - make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here.
  3. Use strong passwords. A weak password is all it takes for someone to steal it. If you use the same password on multiple sites (or everywhere) you are asking for real trouble. Passwords do not have to be hard to remember, just hard to guess.
  4. When searching, do NOT assume sponsored sites are safe. Because I use McAfee Site Advisor (it’s free), I see a warning notifying me of the risk. Without a tool like this, you have no way of judging if the site is legitimate or going to give you malware, spam, etc… Other companies offer similar services; pick one and use it!
  5. Trust is Key. Know the Site. Know the User. Know the Company. Misplaced trust will land you in a world of trouble.
    1. You can no longer assume that links within trusted sites are safe. IBM’s research highlights the increase in malicious content placed on trusted sites.
    2. Be cautious and stay in the driver’s seat. Instead of clicking on a link, copy the URL into a search engine query and look at the results. Does the site have a positive safety rating? Don’t be pulled by links that may or may not take you where you want to go. This is particularly true with ‘shortened’ or ‘mini’ links used on sites like Twitter. If you do not have 100% confidence that the link is going to take you to a legitimate site, look up the material yourself.

Linda

What is a Trojan? In technology, a trojan is a term used to describe software that appears to be useful but contains malicious code that enables hackers to access and take over the computer remotely. Once in control, hackers can use the machine for a variety of criminal purposes, including stealing identities (e.g. passwords, security codes, credit card information), installing additional malware, downloading or uploading files, deleting or modifying a user’s files, logging the user’s keystrokes, making the computer part of a botnet, and so on.


Symantec’s Cybercrime Intelligence Report Aug 2009

August 31, 2009

The news on the cybercrime front remains grim. According to Symantec’s MessageLabs report for Aug 2009, cybercriminals continue to expand their reach and hone their tactics; botnets are so sophisticated, they can be back up and running 48 hours after a crippling distribution blow; criminals now optimize for efficiency – and favor repurposing malware rather than developing new tactics. Scammers continue targeting ‘hot topics’ for their campaigns – and have the botnet capacity to distribute billions of spam messages a day.

If that didn’t leave you unsettled, here’s a closer look at Symantec’s MessageLabs findings for August:

  • Cutwail, one of the largest botnets globally, is responsible for approximately 15 to 20 percent of all spam today.
    • Following the shutdown of an ISP in Latvia, Cutwail’s volumes fell by as much as 90 percent, and global spam volumes fell by as much as 38 percent in the subsequent 48-hour period.
    • In a matter of days Cutwail was back to its former self, demonstrating just how powerful the botnet really is in recovering and reinventing itself.
  • Despite the brief downturn in spam levels, the figures for August remain fairly steady at 88.5%, due to the activity levels of other major botnets.
  • Another prolific botnet called Donbot distributed ten billion emails in just one day using shortened URLs in its spam runs. Note: Shortened URL services are invaluable on services like Twitter where only 140 characters are available – many URLs are longer than that. However, they mask the real website being pointed to and are therefore very appealing to internet criminals.
    • Leveraging the heightened interest in health related issues, Donbot email subjects include ‘Health care – get meds now’, ‘Save 89% on Meds’, ‘Purchase Meds Online’.
  • The ongoing use of shortened-URLs as a delivery mechanism has resulted in a number of URL-shortening services being forced to close their businesses due to their inability to handle the malicious use of their tools.
  • Cybercriminals are three times as likely to favor repurposing malware across numerous domains rather than developing new tactics.
    • In August, of 3,510 websites being blocked daily, 36.1 percent of domains were new. Similar analysis of malware being blocked each day highlights that only 11.9 percent was newly developed malware.

We can read this sobering report and throw up our hands, or we can look for additional countermeasures to help in thwarting these exploits.

I was particularly struck by the high level of repurposing of malware. It of course makes the best business sense from a criminal’s point of view, but perhaps it opens another avenue for countermeasures.

As an industry, companies need to work more closely together to block cybercriminals’ ability to repurpose exploits across various services and technologies. Far too often when an exploit first arises – let’s say in email – we see email providers scramble to create solutions; then the exploit pops up in IM; and then in one or more social networking sites; and so on.

We need to figure out how to work better across companies and service segments to stop the repurposing in its tracks and reduce the opportunity for financial gains by the criminals behind these exploits.

Click to read the full report.

Linda


Déjà vu: Woman Charged with Cyberbullying Teen

August 28, 2009

Another woman has been charged with cyberbullying a teen girl. What’s up with vicious middle-aged women?

First, there was the sickening case of Lori Drew (50) whose vicious attack on Megan Meier tragically led to Megan’s death. Drew’s abhorrent behavior continues to make headline news as it winds its way through courts three years after the event.

Now we have a new case where 40-year-old Elizabeth Thrasher of Missouri is accused of expressing her bile by creating a Craigslist “Casual Encounters” ad for a sexual encounter purporting to be the 17-year-old daughter of her ex-husband’s girlfriend. Apparently, Thrasher and the mother of the 17-year-old had been arguing, and then all three had heated exchanges on MySpace according to St. Charles County Prosecutor Jack Banas.

The “Casual Encounters” section on Craigslist warns visitors that the pages may include adult content. Police said Thrasher is accused of posting the young woman’s photo, e-mail address and cell phone number, as well as where she works. The young woman learned of the posting when she received calls, e-mails, text messages and pornographic photos on her cell phone.

Thrasher won’t be as ‘fortunate’ as Drew, who largely fell between prosecutorial cracks, because after the Megan Meier tragedy, Missouri passed a cyberbullying law making it a felony to cyberbully when the victim is under 18 and the abuser is over 21.

As this case winds its way through the legal system, we need to continue the public debate about civility online – as these women highlight, deplorable Internet behavior is not just a teen issue.

Linda


McAfee, Inc. Names Jessica Biel the Most Dangerous Celebrity in Cyberspace

August 25, 2009

Mix celebrity status and media presence and you create a magnet for cyber-scammers. McAfee has just released its third annual “Most Dangerous Celebrity in Cyberspace” report and it highlights that though the actors of the moment change, the tactics cybercriminals use remain the same.

Jessica Biel now has the dubious distinction of being the most dangerous celebrity to search in cyberspace. Whether fans search for “Jessica Biel” or “Jessica Biel downloads,” “Jessica Biel wallpaper,” “Jessica Biel screen savers,” “Jessica Biel photos” or “Jessica Biel videos”, they have a 20% chance of landing at a Web site containing spyware, adware, spam, phishing, viruses or other malware.

Somewhat surprisingly, McAfee’s results showed that the U.S. President and First Lady are not among the most risky public figures to search, ranking 34th and 39th, respectively.

McAfee’s top riskiest celebrity searches include:

  1. Jessica Biel – Almost half of “Jessica Biel screensavers” search results contain malicious downloads with spyware, adware and potential viruses.
  2. Beyoncé – Inputting “Beyoncé ringtones” into a search engine yielded a dangerous Web site linking to a distributor of adware and spyware.
  3. Jennifer Aniston – More than 40% of the Google search results for “Jennifer Aniston screensavers” contained nasty viruses, including one called the “FunLove virus.”
  4. Tom Brady – The New England Patriot seems to attract many fans who want a free download of the athlete in action, but not the Trojan that comes with it.
  5. Jessica Simpson – Searching for “Jessica Simpson videos” can mislead unsuspecting surfers to sites with potentially damaging downloads.
  6. Gisele Bundchen – A search for “Gisele Bundchen photos” can direct users to sites that breached browser security in McAfee’s tests.
  7. Miley Cyrus – Web sites related to Miley Cyrus’ image link to harmful sites containing spyware.
  8. Megan Fox, Angelina Jolie – tied for the number of search results containing risky downloads, proving cybercriminals are in the business of capitalizing on the world’s most famous faces.
  9. Ashley Tisdale – The “High School Musical” star is a popular search term when it comes to searching for screensavers. A host of screensaver Web sites contained numerous malware-laden downloads.
  10. Brad Pitt – Brad Pitt fell towards the bottom of this year’s list, resulting in a few less, but just as dangerous, Web sites.
  11. Reese Witherspoon – Searching for “Reese Witherspoon” and “Reese Witherspoon photos” returns results promoting free files with hidden malware.
  12. Britney Spears – McAfee SiteAdvisor technology found a single site promoting free Britney Spears wallpaper that was embedded with more than 50 potentially infected downloads.

Don’t play roulette on a search engine

Searching the web without using tools that identify malicious websites is asking for trouble – you simply will not be able to tell which are legitimate. Cybercriminals aren’t stupid; they want to target the broadest number of users and therefore closely watch for the most popular search terms.

In addition to having up-to-date security software in place, you need to use a product that visibly identifies for you the potential for malicious code on search results. I’ll mention McAfee’s Site Advisor solution (it’s FREE folks) first as they generated this report, and it’s the one I use on all my machines. Additionally, both Firefox and Internet Explorer have features you can use to alert you to malicious sites, and several other companies offer similar services.

Linda


Illinois Law Bans Sex Offenders from Social Networking Sites

August 24, 2009

Illinois recently enacted changes to a law to make the use of social networking sites by registered sex offenders a class 4 felony.

Set to take effect on Jan. 1, 2010, Illinois state senator Bill Brady explained the reasoning behind the changes, “The idea was, if the predator is supposed to be a registered sex offender, they should keep their Internet distance as well as their physical distance. The object is to protect innocent individuals on the Internet from sex offenders.”

The intent behind this law is easy to understand. We need to address public safety in the face of sharply increasing numbers of registered sex offenders. The issue is how best to accomplish this.

Unfortunately, this law fails to consider fundamental distinctions between what constitutes a social network, how this law balances the punishments meted to sex offenders vs. other types of serious online criminals, the problematic issues around which individuals become labeled as sex offenders, and so on.

The term ‘social network’ is undefined

Making it a felony for sexual predators to join social networking sites that are designed for children and teens, for dating, or specifically designed to meet vulnerable people is one thing, but this law takes an entirely undifferentiated and draconian approach by including all sites with any social networking functionality.

Amazon.com and eBay, for example, are social networks that enable people to have profiles, post comments, and more. Sites that enable job searches like LinkedIn and Monster.com are social networks (see How the Web Has Changed Job Searching for more on the critical role social networks play in job hunting).

Support sites for sex offenders, sites that facilitate communication with family members, sites that allow comments such as newspapers, sites sharing information on products, hobbies, music, and so on, are all social networking sites. Moreover, the dynamic nature of the web is driving ever more sites to enable social interactions.

As the law now stands, it will make it more difficult for sex offenders to find jobs, apartments, or get support to help prevent re-offending, according to the Center for Sex Offender Management, a project of the Office of Justice Programs, U.S. Dept of Justice. Their research found that steady employment and support are key factors in reducing recidivism risks; the unintended consequence of the law may actually be an increase in the risks posed to society.

Lawmakers need to spend more time considering the differences in social networking sites and, at a bare minimum, craft laws with a more precise definition of what types of social sites should be illegal for sex offenders.

Sex offenders are one type of criminal threatening consumers online

Given the intent of the law is to protect innocent individuals online, shouldn’t this law also ban other types of serious criminals that use social networking sites to facilitate their crimes – like scammers, stalkers, ID thieves, and so on? While the Internet is predominantly a safe and positive place for users of all ages, Internet criminals wreak considerable harm, stealing consumers’ life-savings, their identities, and in some cases killing victims they met online. Sex offenses are heinous crimes, but should murderers get lesser penalties?

The vast majority of convicted sex offenders did not use social networks (or the Internet) in the commission of their crimes. This law assumes that though most sex offenders did not use social networks to find or groom their victims, they will do so in the future. If the individual did not use social networking sites, is it reasonable to ban them?

The changes add fuel to the debate over how sex offenders are defined

Changing the law to prohibit sex offenders from using social networking sites does not alter the scope of who is labeled a “sex offender”, but it has reignited the debate over how broadly the label is applied. There is broad concern that the law as it stands is unjust because it does not differentiate between serial child rapists, and for example, a person caught three times relieving him/herself behind a tree. Public indecency for a third or subsequent conviction labels a person as a sex offender. Some are inappropriately caught under this label and they do not deserve to have their names and photos exposed on sex offender registries, or to be shunned by society.

The problem worsens as we look across states. Many states dump the sex offender label on individuals as diverse as rapists, pedophiles, exhibitionists, and teens that had consensual sex, or that sent explicit images of themselves to a boy/girlfriend, etc. Surely, no one believes these are equivalent behaviors, or that those caught in these varying circumstances should be treated equally.

The law also fails to take into account the varying likelihood of re-offense. Despite public anxiety, research shows that different categories of sex offenders pose widely different degrees of risk of re-offending.

According to the Center for Sex Offender Management, a project of the Office of Justice Programs, U.S. Dept of Justice, recidivism rates can be high for some types of sex offenders but even with elevated risk levels they strongly caution against viewing them as a homogeneous group.

Highlighting the disparity in recidivism rates among segments of sex offenders, Marshall and Barbaree (1990) found in their review of studies that the recidivism rate for:

  • Incest offenders ranged between 4 and 10 percent.
  • Rapists ranged between 7 and 35 percent.
  • Child molesters with female victims ranged between 10 and 29 percent.
  • Child molesters with male victims ranged between 13 and 40 percent.

Beyond categorizing sex offenders by the type of offense they committed, a complex set of variables determines who, within each category, is likely to re-offend. Factors include whether the offender received treatment, the age of the offender, whether they are employed, the type of sexual deviance, their psychological stability, whether they are substance abusers, and so on. The current one-size-fits-all policy towards those labeled simply doesn’t fit.

The issues I’ve listed about this particular approach do not pretend to cover other aspects like legality, jurisdiction, enforceability, etc. that will surely be wrestled over, but they should raise concern in the minds of the public as to the justness of this law.

Indeed, in a 2008 brief on state sex offender management policies, Thomas MacLellan, program director for the justice and public safety program of the National Governors Association, outlined challenges facing states. “People try to do the right things, but states don’t always have the capacity to look at all the research,” he said. “A lot of decisions will be made on consensus.”

There are sexual predators using the Internet to find new victims, and the intent to help protect individuals from such offenders online is good. This particular legislation, however, will not achieve that goal.




Linda
