Botnets and the Army of Darkness
Download
Report
Transcript Botnets and the Army of Darkness
Botnets and the Army of Darkness
USER
Single
User
Can not stand alone
Search for a company
1
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Resources
Shared groups
2
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
What is a Network
•A network consists of two or more
computers that are linked in order to
share resources (such as printers and
CDs), exchange files, or allow
electronic communications.
3
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
What is a Network
•The computers on a network may be
linked through cables, telephone
lines, radio waves, satellites, or
infrared light beams
4
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Basic types of networks include
· Local-area networks(LAN) : The computers are geographically close
together (i.e., in the same building).Wide Area Networks
.(WAN): The computers are farther apart and are connected by telephone
lines or radio waves.
· Campus-Area Networks (CAN) : The computers are within a limited
geographic area, such as a campus or military base.
· Metropolitan Area Networks (MAN) : A data network designed for a town
or city.
· Home Area Networks (HAN) : A network contained within a user's home
that connects a person's digital devices.
5
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Network Resources
6
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Sharing side effects
7
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Software
and
Malware
8
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
What is Software
•Software :is the combination of
Instructions and Data.
• Software is a general term for the
various kinds of programs used to
operate computers and related
devices
9
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
What is Malware
•Malware : short for malicious software, is software
designed to secretly access a computer system without
the owner's informed consent.
•Malware includes computer viruses, worms, Trojan
horses, spyware, dishonest adware, scare ware, crime
ware, most root kits, and other malicious and unwanted
software or program.
10
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
How do I Got a Malware
•Malware's most common pathway from criminals to
users is through the Internet: primarily by e-mail and the
World Wide Web.
11
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
What is Network Security
12
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
What is Network Security
• Network security involves all activities that
organizations and institutions undertake to protect the
value and ongoing usability of assets and the integrity
and continuity of operations.
•An effective network security strategy requires
identifying threats and then choosing the most effective
set of tools to combat them.
13
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Threats to network security include
•Viruses : Computer programs written by devious
programmers and designed to replicate themselves and
infect computers when triggered by a specific event.
•A computer worm is a self-replicating malicious
software applications designed to spread via computer
networks without any user intervention. This is due to
security shortcomings on the target computer.
•Vandals : Software applications or applets that cause
destruction.
14
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Threats to network security include
•Attacks : Including
•reconnaissance attacks (information-gathering activities to
collect data that is later used to compromise networks);
•access attacks (which exploit network vulnerabilities in order to
gain entry to e-mail, databases, or the corporate network)
•denial-of-service attacks (which prevent access to part or all of
a computer system).
•Data interception : Involves eavesdropping on communications or
altering data packets being transmitted.
•Social engineering : Obtaining confidential network security
information through nontechnical means, such as posing as a
technical support person and asking for people's passwords.
15
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Viruses Vs Worms
•Computer worms , unlike viruses does not need
to attach itself to an existing program. Worms
almost always cause at least some harm to the
network, even if only by consuming bandwidth,
whereas viruses almost always corrupt or modify
files on a targeted computer.
16
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Network security tools include
•Antivirus software packages : good and can catch most virus
threats, if regularly updated and correctly maintained.
•Secure network infrastructure : Switches and routers have
hardware and software features that support secure connectivity,
perimeter security, intrusion protection, identity services, and
security management. Dedicated network security hardware and
software-Tools such as firewalls and intrusion detection systems
provide protection for all areas of the network and enable secure
connections.
:Virtual private networks (VPN): These networks provide access
control and data encryption between two different computers on a
network. This allows remote workers to connect to the network
without the risk of a hacker or thief intercepting data.
17
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Network security tools include
Identity services : These services help to identify users and control
their activities and transactions on the network. Services include
passwords, digital certificates, and digital authentication keys.
Encryption : Encryption ensures that messages cannot be
intercepted or read by anyone other than the authorized recipient.
Security management : This is the glue that holds together the
other building blocks of a strong security solution.
None of these approaches alone will be sufficient to protect a
network, but when they are layered together, they can be highly
effective in keeping a network safe from attacks and other threats to
security.
18
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
What is an IRC
Internet Relay Chat (IRC): is a real-time Internet text messaging,
designed for group communication in discussion forums, called
channels, but also allows one-to-one communication via private
message as well as chat and data transfers via Direct Client-toClient.
IRC was created by Jarkko Oikarinen in August 1988 to replace a
program called MUT (MultiUser Talk) on a BBS called OuluBox in
Finland. Oikarinen found inspiration in a chat system known as
Bitnet Relay, which operated on the BITNET.
IRC client software is available for nearly every computer operating
system that supports TCP/IP networking.
19
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
What is a RootKit?
A rootkit: is a set of software tools that, when installed on a
computer, provides remote access to resources, files and system
information without the owner’s knowledge. Various types of rootkits
are used to secretly monitor activity on computers for surveillance
purposes, but malicious hackers can also install rootkits on the
computers of naïve users.
The word “rootkit” comes from the UNIX™ operating system (OS)
that was prevalent prior to Microsoft™ Windows™. Linux and
Berkeley Software Distribution (BSD) are derivatives of UNIX.
The “root” level of a UNIX system is akin to Windows’ administrator
privileges. The remote-control software bundle was referred to as a
“kit,” giving us “rootkit” sometimes written as “root kit.”
20
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Botnet: an overview
•Bot comes from the word robot which means "worker".
In computer world Bot is a generic term used to describe
an automated process. A bot is usually referred to as
automated software that is capable of performing certain
predefined tasks.
•Botnets are a collection of compromised coordinated
group of computers (i.e. zombies) that are under the
control of a single entity called botmaster.
21
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Botnet: an overview
The Botmaster has a control over one or more
command and control (C&C) servers that can be used to
distribute commands to their bots in order to carry out
various distributed and coordinated attacks remotely
22
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Botnet: an overview
23
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
History of Botnet
Like many things on the Internet today, bots began as a
useful tool without malicious intents. Bots were originally
developed as a virtual individual that could sit on an IRC
channel and do things for its owner while the owner was
busy elsewhere.
IRC was invented in August of 1988 by Jarkko "WiZ"
Oikarinen of the University of Oulu, Finland.
24
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
History of Botnet
GM: The original IRC bot (or robot user), called GM
according to Wikipedia, was developed the next year, in
1989, by Greg Lindahl, an IRC server operator. This bot
was designed to play a game with IRC users. The first
bots were truly robot users that appeared to other IRC
users as other normal users.
Unlike today‘s botnet clients (robots), these robots were
created to help a user enjoy and manage their own IRC
connections.
25
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
History of Botnet
programmers realized they could create robot users to
perform many tasks currently done by humans such as
handling tedious 24-hour-a-day requests from many users.
the use of bots to keep a channel open and prevent malicious
users from taking over the channel when the operator was
busy doing other things.
bots needed to be able to operate as a channel operator. The
bots had evolved from being code that helps a single user to
code that manages and runs IRC channels as well as code
that provides services for all users.
26
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Botnet Overview
Among the various forms of malware, Botnet is considered
the most serious means for committing online crimes,
• it poses a significant threat to the internet users.
o due to its scale
o geographical diversity of the machines enlisted in a
Botnet (i.e. bots or zombies machines) .
• Botnets provide a distributed platform for many cybercrimes such as Distributed Denial of Service (DDoS) attacks
against critical targets, malware dissemination, phishing, and
click fraud coupled with available source code, and the
support from the underground communities
27
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Botnet
Life
cycle
28
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Botnet Life cycle
Initializing Botnets normally begins with
1. sending a malware (i.e. worms, Trojan insertion)
through malicious emails, remote exploiting, mobile
media, Web drive-by download as well as social
engineering techniques and P2P file sharing
networks to vulnerable machines. Once vulnerability
is found, the machine will be compromised.
2. the malicious bot binaries is downloaded into the
compromised hosts turning it into a zombie (bot).
29
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Botnet Life cycle
3. This bot is redirected to a dynamic/static server
address that is known for both the bot and his master.
This server is known as a command and control
server where the botmaster (attacker) can login and
issue commands to his bots to start an attack,
scanning, infection…etc.
30
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
The command and control server C&C
C&C server: is the commander channel that receives
commands from the botmaster and conveys these
commands to the bots within the same botnet, which
makes all the bots respond or execute commands in
similar manner.
Bots after executing certain tasks need to report the
status of the action back to the botmaster; this reporting
is achieved through the C&C server as well..
31
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
The command and control server C&C
•The bot master has a certain user name and pass word
that can be used to login to the command and control
server. The username and password are used to prevent
other botmaster from controlling or stealing the bots.
•Every bot has his own user name and password that
are used to login to the same command and control that
the botmaster exist.
32
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
The command and control server C&C
Bots need to communicate with the C&C server regularly
to receive more instructions from the botmaster
The C&C server should reply regularly (periodically) to
these bots to update their status.
33
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Classification of botnets
Centralized architecture: in this architecture, all bots
are connected to a certain centralized command and
control server such as IRC and HTTP based botnets.
This architecture is considered the easiest to construct
and implement; this is why it is still in use in the cyber
world till today. However, this architecture belongs to the
one single point of failure architectures. Where it is easy
to identify the command and control server and thus,
bring down the whole botnet.
34
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
A typical centrelized
Bot structure
35
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Classification of botnets
P2P or Decentralized architecture: in this architecture
there is no centralized point for C&C, so that any node in
the network can act as a client and a server, P2P
architecture employs the P2P protocols to introduce a
various distributed C&C servers. This architecture
considered difficult to discover and destroy due to the
anonymity and the distributed nature of the P2P
architecture.
36
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
A typical P2P
Bot structure
37
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Classification of botnets
Unstructured C&C architecture: considered to be the
extreme of P2P botnets where no single bot would know
more than one single bot. In this model there is no direct
connection between the bot and the bot master, the bot
master has to search the Internet and posts the required
message to the bot when he founds one. The design of
such a system would be relatively simple and the
detection of a single bot would never compromise the full
botnet. However, the message latency would be
extremely high, with no guarantee of delivery.
38
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
A typical Unstructured
(Dynamic) Bot
structure
39
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
How bots communicate with botmaster?
The C&C server is the commander channel that receives
commands from the botmaster and conveys these
commands to his bots. Bots after executing certain tasks
need to report the status of the action back to the
botmaster; this reporting is achieved through the C&C
server as well.
Bots need to communicate with the C&C server regularly
to receive more instructions from the botmaster, and the
C&C server should reply to these bots to update their
status.
40
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
How bots can be detected?
Botnets are differing from other malwares; as they mainly
require a mean of communication (i.e. command and
control server (C&C) and a controlled communication
networking).
there are plenty of different techniques that try to detect
botnet, each of these techniques is suitable for a specific
part of botnet life cycle.
Still, there is no optimal solution for botnet detection.
41
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
The past recent years witnessed different approaches
that have been proposed to detect botnets and combat
their threat against cyber-security. These approaches
can be grouped into
1- Signature Based.
2- Anomaly Based.
3- DNS based.
4- Data Mining Techniques.
42
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
1- Signature-based Detection
These systems examine the network traffic for known patterns
of a malicious activity; new types of attacks are not detected.
For instance, SNORT is one of the famous network intrusion
detection systems. It has a special plug-in and rules/pattern
for identifying known bot signatures.
Although, signature based techniques are good for identifying
known bots but it will fail to identify the new bots until their
signature is discovered and added to the rule set database.
43
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
2- Anomaly Based Detection
Anomaly-based systems look for substantial changes in
network behavior or conditions such as traffic on unusual
ports, high volumes of traffic, high network latency and
unusual system behavior that could indicate a presence of
malicious activities within the network.
Anomaly detection techniques resolve the problem of
detecting unknown bots, however, they are still limited to a
specific C&C protocols (eg HTTP, IRC) or limited to a specific
botnet structures (eg, P2P, Cenrelized).
44
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
3- DNS based Detection Systems
researcher start to exploring the DNS suspicious behavior
based on the fact that the DNS is a distributed database
spread over the Internet, which is used to translate the
domain names into IP addresses and vice versa. The botnet
queries the DNS server to find out the “botmaster’s” domain
name.
45
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
DNS,… conti
In return, the DNS server replies to the Bots and provides
them with the new IP address of the “botmaster’s” domain
name, which is located in a new compromised C&C server.
Some approaches conducted a study that monitors the DNS
traffic in order to detect the botnet with prior knowledge of the
blacklisted servers that spread or connect to malicious
malware. This approach can be simply evaded if the
botmaster uses fake DNS queries of or employing DDNS
queries.
46
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
DNS,… conti
DNS approach is stronger than the previous approaches but the
main weakness of this approach is when it is applied to large-scale
networks, the processing time will be higher especially in real time.
As a result, Researchers start to explore various data mining
technique to minimize the processing coast because data mining
techniques are concerning the use of data analysis tools (statistical
models, mathematical algorithms, and machine learning methods) to
discover unknown, valid patterns and relationships in large data
sets. Many researchers have exploits the wide variety of data mining
tools to enhance their methods for detection botnet.
47
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
4- Mining-based Detection:
As a result, Researchers start to explore various data mining
techniques to minimize the processing coast. Data mining
techniques are the use of data analysis tools (statistical
models, mathematical algorithms, and machine learning
methods) to discover unknown, valid patterns and
relationships in large data sets. Many researchers have
exploits the wide variety of data mining tools to enhance their
methods for botnet detection.
48
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
Mining based,… conti
While data mining products can be very powerful tools, it does
not directly give the user the value or the significance of these
patterns, they are not self-sufficient applications and require
skilled analytical specialists who can interpret and analyze the
output that is related to the area under inspection queries.
49
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
Mining based,… conti
The improvements on botnets never stop. Botnets are becoming
more and more sophisticated every day by employing variety of
techniques (e.g., sophisticated executable packers, rootkits, protocol
evasion techniques, such as moving away from IRC and taking
control of, HTTP, VoIP, IPV6, ICMP, Skype protocols, etc). Bots are
more evasive to signature based, anomaly-based detection systems
as well as DNS and Data Mining based intrusion detection systems.
These evasion techniques improve the survivability of botnets and
the success rate of compromising new hosts. Additionally, botnets
have also added (and continue to add) new mechanisms to hide
traces of their communications.
50
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
The previous approaches are based on botnet malicious activities,
abnormal behavior of network traffic or a specific part of botnet
lifecycle (scan, spam,…), specific botnet command and control
(C&C) protocols (e.g., IRC) and structures (e.g., centralized), all of
these are specific properties and not necessary general for all
botnets, that’s why previous methods are suitable only for specific
botnet type or structure. In the proposed system we approach the
botnet detection problem through the detection of the command and
control (C2) communication channels traffic that control the
coordinated group of malware instances regardless of the structure
of the botnet (e.g., centralized, P2P) and regardless of the
communication protocol being used between bots and the C2 server
(e.g., IRC, HTTP) Despite all these concerted efforts, Botnets
remain an unsolved problem for the online community.
51
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
There are plenty of different techniques, each of them is suitable for a
specific part of botnet life cycle, and there is no optimal solution for botnet
detection. Our aimed approach is to search for common factor that is shared
among most types of botnet and independent of their structure or used
protocols.
The main focus here is that Botnets are differing from other malwares; as
they mainly require a mean of communication (i.e. command and control
server (C&C) and a controlled communication networking). These
communications are defined as the mean by which the botmaster
communicates with his bots. Therefore, we are arguing on a point that “all
bots demonstrate periodic communication behaviors with C&C
servers/peers because of their pre-programmed nature and this behavior is
principal for all botnet types, no botmaster can avoid the use of the C&C
channel, else, the botnet will not be effective and very limited in its
power/action”.
52
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
However, many researchers have utilized the concept of a pre-programmed
nature of the bots to identify a similar and temporal group behavior towards
detecting and combating botnets and their threat against cyber-security.
community.
The boundary between human and bots activity is apparent in IRC
environment; because bots communications are not complicated and
considered a small set of automated tasks compared to the humans’
communications and expressions patterns that are considered richer in
dictionary use and in number of terms.
Formerly botnet C&C traffic is considered difficult to detect or identify
because their communication traffic is very much alike to the normal traffic,
does not violate any communications protocol and the communication traffic
volume is also very low.
53
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
Solutions and Recommendations
Monitoring the general network behavior is another area
that may lead to better detection of botnets due to the
fact that these botnets are consisting of a group of bots
spread geographically. They all share the same temporal
behavior such as; check for binary updates, check for
new commands. This could be the base for botnet
detection that is not restricted to certain communication
protocols or botnet structures.
54
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Bot detection Mechanisms
Solutions and Recommendations
Previous efforts in detecting Botnets are mainly depend on the
Botnet attack behaviors with less focus on the periodic
communication behavior with C&C server (peer in case of P2P
botnets) of the Botnet. Based on the above, we are proposing a new
approach that is independent of botnet C&C protocol and structure,
and requires no prior knowledge of botnets structure or
communication patterns or signature. We assume that the detection
of the periodic C&C communication channels traffic combined with
the detection of some malicious botnet activities (Scan, Spam)
enables the detection of the members of a botnet in the monitored
network.
55
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
How bots can be detected?
The proposed framework passively monitoring network traffics and
is based on a point that, bots within the same botnet will
demonstrate similar periodic communication behaviors with C&C
servers/peers and similar malicious activities due to their preprogrammed nature.
The main focus here is that Botnets are differing from other
malwares; as they mainly require a mean of communication (i.e.
command and control server (C&C) and a controlled communication
networking). These communications are defined as the mean by
which the botmaster communicates with his bots.
56
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
How bots can be detected?
Therefore, we are arguing on a point that “all bots demonstrate
periodic communication behaviors with C&C servers/peers because
of their pre-programmed nature and this behavior is principal for all
botnet types.
No botmaster can avoid the use of the C&C channel, else, the
botnet will not be effective and very limited in its power/action”.
57
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Botnet examples
MafiaBoyBotnet(February 2000): Canadian teenage
hacker mounts DDoSattacks that brought down the
websites of Amazon.com, Ebay.com, Dell.com, etc. Used
a botnet he apparently stumbled across.
Clickbot.A(May 2006): an early botnet(up to 100,000
hosts) that specialized in “low-noise click fraud against
search engines.”Google was eventually able to identify
the fraud, effectively shutting the botnet down.
58
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Botnet examples
Storm(January 2007): 100,000+ host botnetspread by
email spam. Botnetactively defends itself against
attackers. Controllers appear tobe decentralizing the
botnetinto subnets that can be individually deployed.
Waledac(Fall 2009): a “pseudo-clone”of Storm
apparently built using a botnettoolkit. Shut down in
February 2010 after analysis by Microsoft Digital Crimes
Unit.
59
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Botnet examples
Srzibi(March 2007): a 450,000+ host botnet specializing
in spam (responsible in 2008 for at least 40% of all spam
on the Internet).
Conficker(Nov 2008): extensive botnet(8 million hosts
in 100 countries) distinguished by large number of attack
exploits. At least five variants have been deployed, each
with more advanced capabilities.
Mariposa (Summer 2009): global botnet(bots in 190
countries) with an estimated 13 million hosts. Shut down
in Feb 2010.
60
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Summary & Conclusion
• Bots are stealthy and usually do not aggressively consume
CPU/memory/bandwidth resources.
• Bots do not perform noticeable damage to computers.
• Thus, a host-based solution method that is very specific to a
certain botnet’s instance is not desirable because:• Bots are flexible in their nature.
• Continuously evolving with flexible design.
• Different protocols and structures are used to organize
and control the botnet.
• Has a dynamic life cycle that consists of several different
stages and aspects.
61
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Summary & Conclusion
• Therefore, it is seldom to detect all steps, and to predict
the exact time in which botnet lifecycle is recorded.
• Since bots are defined as automated software (preprogrammed) to carry out specific tasks with a certain
common temporal behavior, the following are considered
true as a conclusion:
• All bots establish a command and control (C&C)
channel through which they can pull/push updates and
submit results and status.
62
© Dr.Loai Bani Melhim
Botnets and the Army of Darkness
Summary & Conclusion
• Command and control traffic exhibits a repeated pattern
behavior that is identified as periodic patterns.
• Botnet is characterized by C&C communication channel.
• Bots are updated in a manner that is more quickly than a
user updates his anti-virus. Because of the pre-programmed
nature.
• Bots communicate as a group with C&C servers, and
perform a malicious activity as agroup in a similar repeated
way.
• They engage in a coordinated and similar communication,
propagation patterns.
63
© Dr.Loai Bani Melhim