Three charged with distributing Gozi virus

The defendants face a variety of charges in a U.S. court
  • Grant Gross (IDG News Service)
  • — 23 January, 2013 16:19

Three people allegedly involved for years in cybercriminal activities in Eastern Europe have been charged in a U.S. court for creating and distributing the Gozi virus that infected more than 1 million computers and allowed cybercriminals to steal millions of dollars over a five-year period.

The three defendants, Nikita Kuzmin of Russia, Mihai Ionut Paunescu of Romania, and Deniss Calovskis of Latvia, face a variety of charges in U.S. District Court for the Southern District of New York, the U.S. Department of Justice announced Wednesday. Gozi targeted online banking credentials and other online accounts and infected 40,000 computers in the U.S., including 160 at NASA, the U.S. space agency.

Kuzmin, the alleged chief architect and promoter of Gozi, faces charges of bank fraud and conspiracy, access device fraud and conspiracy, and computer intrusion, among other charges. Kuzmin allegedly began working on Gozi in 2005, and computer security experts discovered the threat in 2007, according to court documents.

Paunescu, who allegedly provided secure hosting to the creators of Gozi, the Zeus Trojan and the SpyEye Trojan, faces charges of conspiracy to commit computer intrusion, conspiracy to commit bank fraud and conspiracy to commit wire fraud.

Calovskis, who allegedly developed Web injects code for both Gozi and Zeus, faces charges of bank fraud conspiracy, access device fraud conspiracy and conspiracy to commit computer intrusion, among other charges.

Early in the development of the virus, Kuzmin hired a computer programmer to help him develop Gozi, which stole personal bank and other information from computers while remaining virtually undetectable, according to court documents. In 2006, Kuzmin allegedly began offering the virus to others for a weekly fee, his indictment said.

The stolen data was sent back to a server controlled by Kuzmin, the DOJ alleged. In 2009, a group of cybercriminals asked Kuzmin to sell them the source code of Gozi so they could attack U.S. computers, the DOJ said. Kuzmin sold the source code to several co-conspirators through mid-2010, according to court documents.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Tags: Mihai Ionut Paunescu, Nikita Kuzmin, U.S. Department of Justice, Deniss Calovskis, security, legal, Exploits / vulnerabilities, cybercrime, malware, U.S. District Court for the Southern District of New York

Turkey’s ISPs hijack Google’s DNS service, killing bypass for Twitter, YouTube ban

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Endpoint Management Solutions

Endpoint Security Management

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.