Gozi.3 men,1M computers infected, Millions $ stolen

Pierluigi Paganini January 26, 2013

The news is sensational US authorities blamed 3 individuals of a large scale malware-based attack against banking world, the trojan infected at least one million computers stealing millions of dollars.

The three are the Russian Nikita Kuzmin (25 year old), Latvian resident Deniss Calovskis (27 year old) and Romanian Mihai Ionut Paunescu (28 year old) were the creators of Gozi Trojan, considered by DoJ “one of the most financially destructive computer viruses in history” and that hit around 40000 US computers, including systems at NASA.


The Gozi Trojan appeared for first time in 2007, the typical method of spread is through sending a compromised PDF document to the victim,  during the last 5 years he infected millions of computers all over the world causing tens of millions of dollars in losses.

The cyber criminals were well organized, Kuzmin designed the malware, Calovskis was involved in malware creation and Paunescu was responsible for providing “bulletproof hosting” service to distribute various malware such as ZeuS and the same Gozi.

Calovskis is considered the mind if the operation, he is a talent and according the authorities he is also creators of “web injects” code to propose altered web pages of bank accounts to the victims to hide the scam.

FBI Assistant Director-in-Charge George Venizelos declared:

“This long-term investigation uncovered an alleged international cybercrime ring whose far-reaching schemes infected at least one million computers worldwide and 40,000 in the US, and resulted in the theft or loss of tens of millions of dollars. Banking Trojans are to cyber criminals what safe-cracking or acetylene torches are to traditional bank burglars – but far more effective and less detectable. The investigation put an end to the Gozi virus.”

Gozi malware was proposed by the authors also with well-known formula of malware-as-service, the criminals rented out the trojan on a weekly basis through a business called “76 Service” proposed on various underground forums.


The commercialization model created various version of the malware designed to respond to specific request of the buyers.

The malicious code has been refined over the years to make more efficient the trojan that in its last version was also able to steal additional personal information mixing social engineering and web injection techniques to provide fake contents.

In this phase a joint venture between law enforcement of various states involved in the investigation is collecting evidences to motivate the accusations, the three guys are obviously innocent until proven will not be their responsibility.

What is surprising of this history is the efficiency of the monetization process and the model of commercialization, three guys have managed to create huge financial losses for several years let’s think which could be the effect of largest cyber criminal campaigns. Worldwide IT community must be aware on the cyber threats, it is the only way to prevent huge losses, criminal organizations are conducting cyber attacks of increasing complexity difficult to mitigate especially is victims using outdated systems or adopt incorrect behavior.

Pierluigi Paganini

you might also like

leave a comment