Three people involved for years in cybercriminal activities in Eastern Europe have been charged in a U.S. court for creating and distributing the Gozi virus that infected more than 1 million computers and allowed cybercriminals to steal millions of dollars over a five-year period.
One defendant, Nikita Kuzmin of Russia, the alleged chief architect and promoter of Gozi, pled guilty in May 2011 to computer intrusion and fraud charges, the U.S. Department of Justice announced.
Two other defendants. Mihai Ionut Paunescu of Romania and Deniss Calovskis of Latvia, face a variety of charges in U.S. District Court for the Southern District of New York, the DOJ said. Gozi targeted online banking credentials and other online accounts and infected 40,000 computers in the U.S., including 160 at NASA, the U.S. space agency.
The DOJ released formerly sealed indictments on Wednesday.
Kuzmin, arrested in the U.S. in November 2010, began working on Gozi in 2005, and computer security experts discovered the threat in 2007, according to court documents. Kuzmin faced a maximum of more than 97 years in prison on the six counts he pled guilty to, but he agreed to cooperate with an ongoing investigation into the Gozi virus.
Paunescu, who allegedly provided secure hosting to the creators of Gozi, the Zeus Trojan and the SpyEye Trojan, faces charges of conspiracy to commit computer intrusion, conspiracy to commit bank fraud and conspiracy to commit wire fraud. He was arrested in Romania in December.
Calovskis, who allegedly developed Web injects code for both Gozi and Zeus, faces charges of bank fraud conspiracy, access device fraud conspiracy and conspiracy to commit computer intrusion, among other charges. Calovskis was arrested in Latvia in November.
Early in the development of the virus, Kuzmin hired a computer programmer to help him develop Gozi, which stole personal bank and other information from computers while remaining virtually undetectable, according to court documents. In 2006, Kuzmin allegedly began offering the virus to others for a weekly fee, his indictment said.
The stolen data was sent back to a server controlled by Kuzmin, the DOJ alleged. In 2009, a group of cybercriminals asked Kuzmin to sell them the source code of Gozi so they could attack U.S. computers, the DOJ said. Kuzmin sold the source code to several co-conspirators through mid-2010, according to court documents.
Updated with new information throughout the story at 11:15 a.m. PT.