Federal prosecutors today announced criminal charges against three men alleged to be responsible for creating and distributing the Gozi Trojan, an extremely sophisticated strain of malicious software that was sold to cyber crooks and was tailor-made to attack specific financial institutions targeted by each buyer.
According to charging documents filed in the U.S. District Court for the Southern District of New York, authorities believe Gozi was the creation of Nikita Kuzmin, a 25-year-old Russian national. Authorities say Kuzmin was aided by 27-year-old Latvian resident Deniss “Miami” Calovskis, and Mihai Ionut Paunescu, a 28-year-old Romanian national who allegedly used the screen name “Virus”.
A press conference announcement sent to reporters today by the office of New York U.S. Attorney Preet Bharara states that Gozi infected more than one million computers — at least 40,000 of which were in the United States — and caused millions of dollars in losses. Bharara’s office called Gozi “one of the most financially destructive computer viruses in history.”
The charges include bank-fraud conspiracy, conspiracy to commit computer intrusion, and wire-fraud conspiracy. Kuzmin was arrested in California in Nov. 2010; Calovskis was arrested in Latvia in Nov. 2012; Paunescu was arrested last month in Romania.
First discovered in early 2007, the Gozi Trojan is a stealthy cybertheft tool that typically evades anti-virus detection for weeks — sometimes months — at a time. Cyber forensics experts say Gozi has remained a potent threat, mainly because its author has been very selective in choosing new customers and fastidious in creating custom, undetectable versions of the malware.
For all the Trojan’s sophistication, however, investigators say it was merely the delivery vehicle for the author’s real moneymaking machine: A software-as-a-service fraud scheme called “76 Service.” According to authorities, Kuzmin marketed the service on highly-vetted cyber criminal forums online, offering customers a soup-to-nuts crime machine that automated the processes of robbing online banking customers. Incredibly, this turnkey system even automated the ready supply of so-called “money mules,” willing or unwitting individuals recruited through work-at-home job scams to help thieves launder stolen funds.