26 August 2016
Find out more

US charges three over Gozi bank malware

24 January 2013  |  4915 views  |  0 Computer virus

US authorities have charged three men with creating and distributing the Gozi computer virus, which infected more than a million computers around the world, accessing banking details and stealing millions of dollars.

As indictments against the three were unsealed yesterday, US Attorney Preet Bharara revealed that Nikita Kuzmin, the man who conceived the virus, was arrested in the US in November 2010 and has pleaded guilty to various charges.

Latvian Deniss Calovskis and Romanian Mihai Ionut Paunescu were apprehended later in their home countries and are awaiting extradition to the US.

Prosecutors say the Gozi malware has infected over a million computers, among them at least 40,000 in the US - including some belonging to Nasa - causing tens of millions of dollars in losses.

The virus was distributed in various ways, including through PDFs, before collecting bank account usernames and passwords. The information was sent back to computer servers controlled by the crooks and used to transfer funds out of the accounts.

Kuzmin came up with Gozi in 2005 and began advertising it on underground forums, giving fellow criminals access to the virus for a weekly fee, enabling them to configure it to steal data of their choosing. From 2009 he changed tack and began selling Gozi outright.

Authorities allege that Kuzmin brought in Calovskis to tweak the virus, getting the Latvian to develop 'web injects' which altered how the pages of banks appeared on infected computers, tricking victims into divulging additional personal information.

Meanwhile, the third man, Paunescu - who goes by the name 'virus' - is accused of operating a bulletproof hosting service, providing servers and IP addresses for distributing Gozi as well as other malware and for initiating DDoS attacks.

Says Bharara: "In an information-age update on Willie Sutton, these men allegedly ran a modern-day bank robbery ring, and like Sutton, they targeted banks because that's where the money still is. But as we have seen with increasing frequency, cyber criminals' bank heists require neither a mask nor a gun, just a clever program and an Internet connection."

Kuzmin faces up to 95 years in prison, Calovskis 67 years, and Paunescu 60 years.
KeywordsLEGAL

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Chinese crooks pre-install malware on PCs

Chinese crooks pre-install malware on PCs

14 September 2012  |  5646 views  |  0 comments
Crooks jailed over online banking theft

Crooks jailed over online banking theft

03 July 2012  |  5372 views  |  0 comments
Russian security services bust notorious malware ring

Russian security services bust notorious malware ring

21 March 2012  |  6080 views  |  0 comments
Ukrainian authorities bust $70 million malware ring

Ukrainian authorities bust $70 million malware ring

28 June 2011  |  5765 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
Visit VocaLink.comVisit equens.comVisit capgemini.com

Top topics

Most viewed Most shared
hands typing furiouslyBlockchain: what to expect for 2017?
8505 views 0 | 55 tweets | 46 linkedin
hands typing furiouslyBig Data's Three Big Trends in 2016
7156 views 5 | 22 tweets | 13 linkedin
hands typing furiouslyHow Banks Are Losing Millions by Ignoring...
6759 views 10 | 23 tweets | 8 linkedin
Nordea looking for AI and blockchain breakthroughsNordea looking for AI and blockchain break...
6216 views comments | 17 tweets | 19 linkedin

Featured job

Find your next job