Gozi malware creator sentenced to time served
Nikita Kuzmin, the creator of the Gozi malware, was sentenced on Monday in Manhattan federal court to time served (37 months). He was also ordered to pay nearly $7 million in restitution.
Kuzmin, a 28-year old Russian citizen, pled guilty to the computer intrusion and fraud charges in May 2011. The relatively short prison sentence is due to a cooperation agreement with the US authorities – more likely than not they used his expertise in other investigations.
The impact of Gozi malware
Gozi, which was used to steal money from bank accounts, was found to have infected over one million computers across the US, Germany, Great Britain, Poland, France, Finland, Italy, Turkey, and other countries. US victims include individuals, companies, and others, including the National Aeronautics and Space Administration (NASA). The malware caused at least tens of millions of dollars in losses to victims.
The Gozi malware was first spotted in 2007. It infected the victim’s computer via fake .pdf documents that triggered the download of the malware. It collected bank account-related data from the victim’s computer, and would send it to a C&C server controlled by Kuzmin or other cyber crooks.
In addition to creating Gozi, Kuzmin rented out the Gozi “executable,” the file that could be used to infect victims with the malware, to other criminals for a fee of $500 per week. Selling and renting out the malware netted him at least a quarter of a million dollars.
Kuzmin was arrested in 2010 when he traveled to the US to attend a conference.
Earlier this year, Deniss Calovskis, aka “Miami,” a Latvian national who wrote the computer code for certain “web injects” that enabled Gozi to target information from particular banks, was sentenced to time served (21 months) for his role in the offense.
Mihai Ionut Paunescu, aka “Virus,” a Romanian national who allegedly ran a “bulletproof hosting” service that enabled cybercriminals to distribute Gozi and other notorious malware, was arrested in Romania in December 2012 and currently awaits extradition to the United States.