The Gozi Trojan is a computer virus that steals personal bank account information, including usernames and passwords for online banking. It was discovered in January 2007 and was previously unrecognized by antivirus programs. Since 2007, the virus has infected over one million victim computers around the world, including those in the UK, Australia and the US, most notably a number of computers on NASA’s networks. It has also been responsible for causing tens of millions of dollars in losses to customers and banking institutions. Security Intelligence has discovered that a new variant of the virus is targeting banks in Bulgaria this summer for the first time. 

The virus initially infected users through altered PDF documents but methods of transmission change according to the target population.  Even in its infancy the virus was being regularly refined to acquire targets in different countries through new methodologies and to avoid detection by antivirus programs. Ultimately, all variations of the virus collect user data, including usernames and passwords, by directing users to fake banking login pages and then transmitting login credentials to servers controlled by cyber criminals, who subsequently transfer funds out of the victim’s bank account. Some variations of the fake landing pages also ask for additional information, including Social Security numbers and mothers’ maiden names, potentially facilitating additional fraud and identity theft. 

Security researchers at IBM attribute this new Eastern European variation of the virus to the simple notion of attacking a new, potentially unprepared target: “Fraudsters always take the path of least resistance. If they have been tackling very advanced fraud protection measures in the U.S. and the U.K., they may very well be testing out their ability to rob bank accounts in territories that are perhaps less protected, or less experienced dealing with advanced malware.”

Back in January 2013 three men were charged by the U.S. Department of Justice in connection with the original Gozi trojan. The creator of the trojan, Nikita Kuzmin, faces 95 years in prison. The banking trojan has been regularly updated by new cyber criminals and continues to be unleashed on unsuspecting users in new countries.