Manhattan Court charges creators of Gozi, the world’s most destructive financial virus

In a landmark development for the cyber security world, three cyber criminals have been charged in a Federal Manhattan Court in New York for stealing ‘tens of millions of dollars’ from online banking customers. The hackers were guilty of running Gozi, one of the most advanced and financially destructive viruses ever seen in the world.

The FBI arrested the primary accused behind this virus in 2010 and he then confirmed that the virus had been functional since 2005. Since then, the Gozi virus infected more than 1 million computers all around the world. About 40,000 of these incidents were discovered in the United States and this led to the aggressive takedown operation carried out by the FBI. It is believed that the total losses caused by this virus ran up to several million dollars and various businesses and government entities were affected.

The working of the Gozi virus
The virus was designed to resemble an innocent looking PDF document that asked for bank customer details. Once opened, it installed malicious software on the machines. From then on, the virus could systematically steal personal details like bank account numbers, usernames and passwords as well. This led to losses of millions of dollars as thousands of people found large amounts of money transferred out of their accounts without their knowledge.

The attackers used two popular techniques – HTML injection and Man-in-the-browser (MITB) attacks to present the infected PDF document as soon as a customer visited the website of a targeted bank. The Gozi virus made its way into thousands of machines in this manner. Incidents like this emphasize why updated system protection software is essential for web users, especially those who carry out financial transactions online.

The creators of the Gozi virus
The 3 individuals who are convicted are Nikita Kuzmin from Russia, Deniss Calovskis from Latvia and Mihai Ionut Paunescu from Romania. They have been sentenced to 95 years, 67 years and 60 years respectively, in prison.

The primary accused, Nikita Kuzmin, apparently developed the code in 2005 and sold it over the Russian underground market for $50,000 and a subsequent share in profits. Calovskis helped in the development of the code and also created HTML injection tricks and phishing tricks to get details like social security number, driver’s license number, ATM PIN and card number, date of birth and mother’s maiden name. He was arrested in December 2012. Paunescu provided a web hosting service that allowed the other accused individuals to remain hidden from authorities. He was arrested in November 2012.

Cases like this should not come as a surprise anymore as virus development has now reached very advanced levels. We would again like to remind web users that virus protection software solutions are critical for online activities because threats can arise in any form. Massive financial losses can be avoided if simple security measures are followed by web users everywhere.

Rahul Thadani