Skip to main content

Feds arrest masterminds behind 'Gozi' banking virus that infected thousands of computers

Feds arrest masterminds behind 'Gozi' banking virus that infected thousands of computers


Stealthy malware is believed to have caused tens of millions of dollars in losses

Share this story

Macbook keyboard macro
Macbook keyboard macro

Federal prosecutors this week charged three Eastern European men with using the so-called Gozi virus to infiltrate more than one million computers worldwide, including more than 160 at NASA. According to court documents unsealed Wednesday, the three hackers used their malware to steal banking information from tens of thousands of individuals, resulting in losses in the "tens of millions of dollars." The three men, Nikita Vladimirovich Kuzmin, Deniss Calovskis, and Mihai Ionut Paunescu, have been charged with several counts including bank fraud conspiracy, access device fraud, and computer intrusion.

Kuzmin, 25, is accused of developing Gozi, and has already pleaded guilty. For the past two years, the Russian national has been cooperating with federal authorities to nab both Calovskis, from Latvia, and Paunescu, from Romania. Calovskis is believed to have added web injects to Kuzmin's original code, which allowed the malware to more accurately mimic a bank's website, while Paunescu (nicknamed "Virus") is accused of operating a "bulletproof" control and command center that housed targets' personal information and provided resources to criminal clients.

Gozi wreaked havoc across two continents

It's Kuzmin, however, who masterminded the whole operation. He came up with the idea in 2005, and once the virus was developed, began renting it out to other criminals as part of an operation called "76 Service." Typically embedded in .pdf files, Gozi began spreading across Europe in 2007 before arriving in the US in 2010. Kuzmin encountered technical difficulties in 2008, but Gozi marched onward, evading antivirus detectors and wreaking havoc in the process. One victim, for instance, lost more than $200,000 from his bank account after falling prey to the scheme. (For a more technical analysis of the virus' evolution and undoing, see Ars Technica's report.)

The FBI began investigating Kuzmin in May 2010, and arrested him in California in November of that year. According to authorities, the virus has thus far infected at least 40,000 computers in the US, though it is not believed to have extracted sensitive information from those targeted at NASA. After agreeing to cooperate with the feds, Kuzmin helped them arrest Calovskis and Paunescu in late 2012.

Kuzmin faces up to 95 years in prison, while Calovskis and Paunescu face maximum sentences of 67 and 60 years, respectively.