Cyber Security Institute

Wednesday, January 23, 2013

Three indicted for making, spreading Gozi Trojan - Computerworld

Three individuals were indicted in New York Wednesday for allegedly creating and distributing the Gozi malware that’s said to have caused tens of millions of dollars in losses at several major U.S. banks. The trio is alleged to have conspired to steal at least $50 million from online bank accounts of people whose computers were hit with the Gozi virus. The indictments alleged that the three individuals, described as software experts, used Gozi to infect at least 100,000 computers around the world, including 25,000 in the United States. In 2009, according to the indictment, Kuzmin was approached by unnamed co-conspirators seeking to use the Gozi malware to attack customers of American banks.

Paunescu, a Romanian national based in Bucharest, operated a so-called “bullet-proof” hosting service using computers housed in Romania, the United States and other countries. The complaint says Paunescu provided Kuzmin and others with servers and IP addresses that allowed them to use and distribute Gozi and other banking Trojans, such as Zeus and SpyEye, with relative anonymity.

The court papers also allege Paunescu’s rented servers hosted the tools used to launch distributed denial of service attacks, including several that took advantage of the infamous Black Energy botnet. The servers were often used as command and control servers for botnets and as proxy systems that let attackers hide their identities, the complaint said.

Calovskis, a Latvian national, was indicted on charges of developing web injection code that was used to alter how banking websites appeared on infected computers. The software fooled victims into providing key security information such as their mother’s social security number and mother’s maiden name when they attempted to log into their bank’s website.

Posted on 01/23