23 June 2017
download the report now

US charges three over Gozi bank malware

24 January 2013  |  5158 views  |  0 Computer virus

US authorities have charged three men with creating and distributing the Gozi computer virus, which infected more than a million computers around the world, accessing banking details and stealing millions of dollars.

As indictments against the three were unsealed yesterday, US Attorney Preet Bharara revealed that Nikita Kuzmin, the man who conceived the virus, was arrested in the US in November 2010 and has pleaded guilty to various charges.

Latvian Deniss Calovskis and Romanian Mihai Ionut Paunescu were apprehended later in their home countries and are awaiting extradition to the US.

Prosecutors say the Gozi malware has infected over a million computers, among them at least 40,000 in the US - including some belonging to Nasa - causing tens of millions of dollars in losses.

The virus was distributed in various ways, including through PDFs, before collecting bank account usernames and passwords. The information was sent back to computer servers controlled by the crooks and used to transfer funds out of the accounts.

Kuzmin came up with Gozi in 2005 and began advertising it on underground forums, giving fellow criminals access to the virus for a weekly fee, enabling them to configure it to steal data of their choosing. From 2009 he changed tack and began selling Gozi outright.

Authorities allege that Kuzmin brought in Calovskis to tweak the virus, getting the Latvian to develop 'web injects' which altered how the pages of banks appeared on infected computers, tricking victims into divulging additional personal information.

Meanwhile, the third man, Paunescu - who goes by the name 'virus' - is accused of operating a bulletproof hosting service, providing servers and IP addresses for distributing Gozi as well as other malware and for initiating DDoS attacks.

Says Bharara: "In an information-age update on Willie Sutton, these men allegedly ran a modern-day bank robbery ring, and like Sutton, they targeted banks because that's where the money still is. But as we have seen with increasing frequency, cyber criminals' bank heists require neither a mask nor a gun, just a clever program and an Internet connection."

Kuzmin faces up to 95 years in prison, Calovskis 67 years, and Paunescu 60 years.
KeywordsLEGAL

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Chinese crooks pre-install malware on PCs

Chinese crooks pre-install malware on PCs

14 September 2012  |  5924 views  |  0 comments
Crooks jailed over online banking theft

Crooks jailed over online banking theft

03 July 2012  |  5613 views  |  0 comments
Russian security services bust notorious malware ring

Russian security services bust notorious malware ring

21 March 2012  |  6359 views  |  0 comments
Ukrainian authorities bust $70 million malware ring

Ukrainian authorities bust $70 million malware ring

28 June 2011  |  5968 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
visit vasco.com/news/PSD2-compliant-solutionsvisit www.response.ncr.comvisit www.finastra.com

Top topics

Most viewed Most shared
Worldpay pilots app-only mPOS for small retailersWorldpay pilots app-only mPOS for small re...
8693 views comments | 17 tweets | 27 linkedin
Live: EBAday 2017, day twoLive: EBAday 2017, day two
8544 views comments | 4 tweets | 5 linkedin
Live: EBAday 2017, day oneLive: EBAday 2017, day one
7816 views comments | 3 tweets | 4 linkedin
UK banks will need to change one million sort codes under ring-fencing rulesUK banks will need to change one million s...
7669 views comments | 8 tweets | 25 linkedin
Open banking rules to trigger new wave of challengersOpen banking rules to trigger new wave of...
6380 views comments | 21 tweets | 23 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job