The Gozi virus, named by the security experts who first discovered it in 2007, was a banking virus that infected more than one million computers in the U.S., UK, Germany, Poland, France, Finland, Italy, Turkey and elsewhere, causing tens of millions of dollars in damages. Systems at NASA were also penetrated by the attacks. The malware was rented or sold to criminal gangs by Nikita Kuzmin, a Russian national who created the Gozi virus with the support of accomplices from neighboring countries.
Initially designed simply to capture and transmit personal banking information, later versions of Gozi gained the ability to intercept browser traffic and modify Web communications. Gozi was controlled through a so-called “bulletproof hosting” service that helped cyber criminals distribute the virus while preserving their anonymity. Gozi was disseminated to its victims through various methods, most commonly disguised as a benign PDF document.
Nikita Kuzmin was arrested in the U.S. in November 2010 and pled guilty to computer intrusion and fraud charges, but banks have continued to experience attacks from Gozi, which is still being enhanced. A new variant of Gozi, which appeared in early 2013, infects the hard disk master boot record, an attack that cannot be easily eradicated even by reformatting and reinstalling the operating system.