X

3 charged in malware scheme targeting bank accounts

U.S. prosecutors say three foreign nationals created and distributed a virus that infected 1 million computers worldwide, including 40,000 in the U.S.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
See full bio
Steven Musil
2 min read

U.S. authorities have charged three foreign nationals with creating and distributing a virus that allowed thieves to steal tens of millions of dollars from victims' bank accounts.

The three are accused of creating the Trojan virus Gozi, which infected more than 1 million computers worldwide and 40,000 in the United States, including computers belonging to NASA, according to court documents unsealed today by U.S. Attorney Preet Bharara in Manhattan. Nikita Kuzmin, 25, Deniss Calovskis, 27, and Mihai Ionut Paunescu, 28, are accused of creating "one of the most financially destructive computer viruses in history."

The malware installed itself on computers after users clicked on an apparently benign PDF file embedded in an e-mail, allowing the cybercriminals to siphon user names, passwords, and other security information used to hijack online bank accounts, prosecutors alleged.

"Banking Trojans are to cybercriminals what safe-cracking or acetylene torches are to traditional bank burglars -- but far more effective and less detectable," FBI Assistant Director-in-Charge George Venizelos said in a statement. "The investigation put an end to the Gozi virus."

Kuzmin, a Russian national who was arrested in 2010, pleaded guilty to bank fraud charges in 2011 and agreed to cooperate with federal prosecutors. Kuzmin began conceiving Gozi in 2005 to steal bank account information and hired co-conspirators to write the virus' source code, prosecutors said today.

Kuzmin then rented out the malware to cybercriminals for a weekly fee through a business he called "76 Service," before eventually selling the virus to his co-conspirators in 2009, according to court documents. Calovskis, of Latvia, is accused of writing the virus' code, while Paunescu, of Romania, allegedly provided "bullet-proof hosting" to distribute Gozi.

The U.S. is seeking extradition of Kuzmin's alleged co-conspirators, who were arrested late last year in their home countries. It was not immediately clear who, if anyone, had been hired to represent the defendants in court. The trio faces up to 60 to 95 years in prison if convicted of the charges.