Gozi malware mastermind and two others charged in New York court

24 January 2013

Three of the leading figures behind the development and use of the Gozi banking malware have been charged in New York for numerous offenses that carry a maximum penalty ranging from 60 to 95 years in prison.

The three accused are Nikita Kuzmin (Russian), Deniss Calovskis (Latvian) and Mihai Ionut Paunescu (Romanian). Kuzmin is considered both the ringleader and mastermind behind the Gozi malware. Court papers say that in 2005 he developed the technical specification for a virus to steal personal bank account information. He then subcontracted the coding to “a sophisticated computer programmer to write the virus’s ‘source code’.”

Gozi became one of the earliest and most successful man-in-the-browser trojans, infecting, say the papers, “at a minimum, over 100,000 computers around the world, including at least 25,000 computers in the United States, and has caused, at a minimum, tens of millions of dollars in losses.” Elsewhere, the indictment makes clear that the government will be seeking forfeiture of $50 million in reparations.

Calovskis, aka 'Miami', is accused of providing code tweaks to Gozi to customize the web injects for specific clients. The web injects define how the falsified web page will appear in the user’s browser, allowing the attacker to request specific or additional information, which the malware then sends to the command and control servers.

Those C&C servers may well have been provided by, or at least shielded by, Paunescu’s bullet-proof hosting service.

The whole operation, from conception to fruition, together with the FBI’s investigation, is described in the documents published by the Department of Justice. “They make fascinating reading,” comments Paul Ducklin of Sophos, “weaving together the activities of the accused troika into a long-running story that could apply to almost any successful online enterprise – but for the fact that the business described is unashamedly devious and criminal.”
