Three individuals, suspected of developing and distributing the notorious Gozi malware, have been charged in a Manhattan federal court.
According to the US Department of Justice, the Gozi malware has infected more than one million computers, causing losses totaling tens of millions of dollars.
The suspects are Nikita Kuzmin, a Russian national who is believed to have created the malware, Deniss Calovskis, a Latvian who contributed to Gozi’s development, and Romanian Mihai Ionut Paunescu who ran the “bulletproof” hosting service used to distribute the malicious element.
Kuzmin, aged 25, was arrested back in November 2010 and already pled guilty to computer intrusion and fraud charges in May 2011.
27-year-old Calovskis was arrested in Latvia in November 2012 and 25-year-old Paunescu was arrested last month in Romania.
Court documents reveal that Kuzmin created a list of technical specifications for Gozi back in 2005. He then hired a computer programmer, “CC-1,” to write its source code.
Once the malware had been developed, Kuzmin started selling it to his co-conspirators. He contracted Calovskis and others to improve the malicious creation.
Authorities believe that Calovskis wrote the code for the web injects.
The bulletproof hosting services offered by Paunescu were used not only for the distribution of the Gozi malware, but also for other cybercrimes, such as spam, distributed denial-of-service (DDOS) attacks, and the distribution of other Trojans such as ZeuS and SpyEye.
“This long-term investigation uncovered an alleged international cybercrime ring whose far-reaching schemes infected at least one million computers worldwide and 40,000 in the U.S., and resulted in the theft or loss of tens of millions of dollars,” said FBI Assistant Director-in-Charge George Venizelos.
“Banking Trojans are to cyber criminals what safe-cracking or acetylene torches are to traditional bank burglars – but far more effective and less detectable. The investigation put an end to the Gozi virus.”
If found guilty, Kuzmin faces a maximum penalty of 95 years in prison. Calovskis and Paunescu face 67, respectively 60 years in prison.