Three indicted for making, spreading Gozi Trojan
Malware was used to steal millions of dollars from U.S., offshore bank accounts, since 2006
Computerworld - Three individuals were indicted in New York Wednesday for allegedly creating and distributing the Gozi malware that's said to have caused tens of million of dollars in losses at several major U.S. banks.
U.S. Attorney Preet Bharara said indictments were filed today against Nikita Kuzmin, Mihai Paunescu and Deniss Calovskis today.
The trio is alleged to have conspired to steal at least $50 million from online bank accounts of people whose computers were hit with the Gozi virus.
The indictments alleged that the three individuals, described as software experts, used Gozi to infect at least 100,000 computers around the world, including 25,000 in the United States.
The U.S. Attorney's office says Kuzmin, a Russian citizen, was the chief architect of the virus. The indictment alleges that Kuzmin created a list of master specifications for the Gozi malware in 2005. The malware was created by a partner based on the specs.
Kuzmin is alleged to have started renting the Gozi code by the week to cybercrimnals starting in 2006. The lease operation was called "76 Service", according to the complaint.
The initial Gozi attacks mostly targeted customers of European banks.
In 2009, according to the indictment, Kuzmin was approached by unnamed co-conspirators seeking to use the Gozi malware to attack customers of American banks.
Kuzmin sold the Gozi source code to the co-conspirators for approximately $50,000 plus a share of the profits.
Kuzmin faces seven criminal charges related to wire fraud, access device fraud and computer intrusion.
The court papers say Paunescu provided the infrastructure for the operation.
Paunescu, a Romanian national based in Bucharest, operated a so-called "bullet-proof" hosting service using computers housed in Romania, the United States and other countries.
The complaint says Paunescu provided Kuzmin and others with servers and IP addresses that allowed them to use and distribute Gozi and other banking Trojans such, as Zeus and SpyEye, with relative anonymity.
The court papers also allege Paunescu's rented servers hosted the tools used to launch distributed denial of service attacks, including several that took advantage of the infamous Black Energy botnet. The server were often used as command and control servers for botnets and as proxy systems that let attackers to hide their identities, the complaint said.
Calovskis, a Latvian national, was indicted on charges of developing a web injection code that was used to alter how banking websites appeared on infected computers. The software fooled victims into providing key security information such as their mother's social security number and mother's maiden name when they attempted to log into their bank's website.
The information was later used to steal funds from victim accounts, the complaint alleged.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, send e-mail to firstname.lastname@example.org or subscribe to Jaikumar's RSS feed .
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
- Target attack shows danger of remotely accessible HVAC systems
- U.S. is investigating Target data breach, AG Holder says
- Russian man pleads guilty in SpyEye malware case
- Suspected email hackers for hire charged in four countries
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts