Gozi Trojan Developer Pleads Guilty

A Latvian cybercriminal who helped create malware that infected over one million machines globally and resulted in tens of millions of dollars in losses has pleaded guilty to conspiring to commit computer intrusion.

Deniss Calovskis, who went online by the screen name of “Miami,” entered into a plea-bargain agreement in New York federal court and faces a maximum of 10 years in prison when sentenced on Dec. 14. Prior to the agreement, the 30-year-old faced up to 67 years in jail.

Calovskis on Friday admitted to having written part of the code for the Trojan known as Gozi, “one of the most financially destructive computer viruses in history,” according to authorities. He was arrested in November 2012 and spent 10 months in jail in Latvia before being extradited to the United States earlier this year.

Calovskis was responsible for building “web injects” that altered the appearance of banking websites and fooled users of infected computers into revealing their personal identification information.

The malware reportedly affected over 40,000 PCs in the US, including over 160 NASA computers, and was used to steal millions of dollars from bank accounts worldwide.

One of the ways computers were infected was through a PDF document that installed the malware on the target computer. The virus remained “virtually undetectable in the computers it infected” and collected personal data from the machine, including bank account details that were then used to divert funds to cybercriminals.

The mastermind of the Gozi operation is Nikita Kuzmin, the Trojan’s Russian creator, who was arrested in 2010, pleaded guilty to computer intrusion and fraud charges in 2011, and is still awaiting conviction. A third man involved in spreading the virus is Romanian Mihai Ionut Paunescu, who was arrested in December 2012.

First developed in 2005, the malware was discovered in 2007, but the cybercriminals behind it continued operations for five more years. In addition to computers in the U.S., the malware has infected machines in France, Finland, Germany, Italy, Poland, Turkey, and the U.K.
