04 December 2016

US charges three over Gozi bank malware

24 January 2013  |  4993 views  |  0 Computer virus

US authorities have charged three men with creating and distributing the Gozi computer virus, which infected more than a million computers around the world, accessing banking details and stealing millions of dollars.

As indictments against the three were unsealed yesterday, US Attorney Preet Bharara revealed that Nikita Kuzmin, the man who conceived the virus, was arrested in the US in November 2010 and has pleaded guilty to various charges.

Latvian Deniss Calovskis and Romanian Mihai Ionut Paunescu were apprehended later in their home countries and are awaiting extradition to the US.

Prosecutors say the Gozi malware has infected over a million computers, among them at least 40,000 in the US - including some belonging to Nasa - causing tens of millions of dollars in losses.

The virus was distributed in various ways, including through PDFs, before collecting bank account usernames and passwords. The information was sent back to computer servers controlled by the crooks and used to transfer funds out of the accounts.

Kuzmin came up with Gozi in 2005 and began advertising it on underground forums, giving fellow criminals access to the virus for a weekly fee, enabling them to configure it to steal data of their choosing. From 2009 he changed tack and began selling Gozi outright.

Authorities allege that Kuzmin brought in Calovskis to tweak the virus, getting the Latvian to develop 'web injects' which altered how the pages of banks appeared on infected computers, tricking victims into divulging additional personal information.

Meanwhile, the third man, Paunescu - who goes by the name 'virus' - is accused of operating a bulletproof hosting service, providing servers and IP addresses for distributing Gozi as well as other malware and for initiating DDoS attacks.

Says Bharara: "In an information-age update on Willie Sutton, these men allegedly ran a modern-day bank robbery ring, and like Sutton, they targeted banks because that's where the money still is. But as we have seen with increasing frequency, cyber criminals' bank heists require neither a mask nor a gun, just a clever program and an Internet connection."

Kuzmin faces up to 95 years in prison, Calovskis 67 years, and Paunescu 60 years.
KeywordsLEGAL

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Chinese crooks pre-install malware on PCs

Chinese crooks pre-install malware on PCs

14 September 2012  |  5741 views  |  0 comments
Crooks jailed over online banking theft

Crooks jailed over online banking theft

03 July 2012  |  5466 views  |  0 comments
Russian security services bust notorious malware ring

Russian security services bust notorious malware ring

21 March 2012  |  6162 views  |  0 comments
Ukrainian authorities bust $70 million malware ring

Ukrainian authorities bust $70 million malware ring

28 June 2011  |  5831 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
Find out moreVisit contisgroup.comVisit capgemini.com

Top topics

Most viewed Most shared
Royal Mint to issue digital goldRoyal Mint to issue digital gold
6494 views comments | 23 tweets | 21 linkedin
UK challenger bank Masthaven opens for businessUK challenger bank Masthaven opens for bus...
5627 views comments | 15 tweets | 13 linkedin
ING pulls plug on P2P payments app TwypING pulls plug on P2P payments app Twyp
5559 views comments | 16 tweets | 15 linkedin
R3 and Calypso to develop blockchain trade confirmation systemR3 and Calypso to develop blockchain trade...
5526 views comments | 13 tweets | 12 linkedin
Bank CEOs fret about ROI as startups drive IT arms raceBank CEOs fret about ROI as startups drive...
5523 views comments | 16 tweets | 20 linkedin

Featured job

to Six-Figure Base, Bonus, Benefits
London, UK

Find your next job