US charges Russian man believed to be behind 'GOZ' botnet

The US Justice Department has charged a Russian national with writing computer code used to compromise banking systems and assist others in stealing banking credentials.

The government has unsealed a 14-count indictment accusing Russian national Evgeniy Mikhaylovich Bogachev, who authorities said is known online as Lucky12345, of involvement in the creation of the Gameover Zeus, or GOZ botnet.

Authorities claim Bogachev and his group infected thousands of business computers with software that captured passwords, account numbers, and other information.

The botnet derives its name from a version of the Zeus credential-stealing software, which is said to have caused US$100 million (A$ 108 million) in losses to consumers and businesses since it first surfaced in 2007. 

The malware’s primary purpose was to capture banking credentials and is said to have infected between 500,000 and one million machines worldwide.

GOZ was also used to distribute Cryptolocker ransomware with criminals promising to unscramble data if the user paid them a ransom of as much as US$700 (A$757).

An international operation disrupted the crime ring. Authorities used technical and legal tactics to interrupt the so-called botnet's operations, shutting down the servers the criminals used to control infected machines and causing those machines to "phone home" to servers controlled by law enforcement.

“These schemes were highly sophisticated and immensely lucrative, and the cyber criminals did not make them easy to reach or disrupt,”  said Leslie Caldwell, who heads the US Justice Department's criminal division.

The US Department of Homeland Security set up a website to help victims remove the GOZ malware.

The European Cybercrime Centre also participated in the operation, along with Australia, Canada, France, Germany, Italy, Japan, Luxembourg, New Zealand, Ukraine and the United Kingdom.

Intel, Microsoft, security software companies F-secure, Symantec, and Trend Micro, and Carnegie Mellon University also supported the operation.