The Case of the Gozi Trojan Virus: Not all surprises are always beautiful even inviting

As in the ancient Greek legend of the fall of Troy, a Trojan horse such as Gozi is a malicious piece of software that requires users to invite it in, and is therefore disguised as something else.

“Gozi” was, and still is, a Trojan virus or “malware” that injects fields into the websites of financial institutions without their knowledge and steals personal bank account information, including usernames and passwords, creating back doors. It is an effective way for cybercriminals to trick people into thinking they are getting answers from genuine and serious financial companies.

Since 2007, the so-called Gozi (the name was invented by private-sector information security experts in the U.S.) has infected at least 1 million computers worldwide, including 40,000 in the US and also across Europe on a vast scale, remaining virtually undetectable in infected computers.

Documents released in federal court Wednesday shed light on the federal takedown of the gang, including the three alleged international cybercriminals suspected of creating and distributing the Gozi virus, as well as the inner workings of the gang. The first was Nikita Kuzmin, a Russian national, the mastermind who set out the technical specifications and hired a programmer called only “CC-1” to create the Gozi Trojan in 2005. Mr. Kuzmin was arrested during a visit to the US in November 2010, later pleading guilty to computer intrusion and fraud charges in May 2011.

The second was Deniss Calovskis, a Latvian who goes by the online nickname “Miami,” who is alleged to have written some of the computer code that made the Gozi Trojan so effective and dangerous. He was arrested in Latvia in November 2012 and indicted on several conspiracy charges, including conspiracy to commit aggravated identity theft.

The third was Mihai Ionut Paunescu, a Romanian whose alleged hacker handle is “Virus”, arrested in Romania in December 2012. Authorities say that he operated a so-called bulletproof hosting service that enabled Kuzmin and other cybercriminals to distribute the Gozi Trojan, the Zeus Trojan, and other infamous malware.


After this introduction to one of the most important cases of cybercrime in the last decade, we turn our attention to what a Trojan virus really is, and what we have to do to protect our computer and, above all, the data inside it.


A Trojan horse is a utility containing hidden code that performs illegitimate functions while masquerading as a regular program, such as a game, a disk utility, or even an antivirus program. When run, these programs can do malicious things to computers. Unlike viruses, however, Trojan horses don’t replicate themselves, though it is possible for a Trojan horse to be attached to a virus file that spreads to multiple computers. Curiously, a Trojan horse cannot act on the system unless it is activated by the user, but once invoked it has the ability to scan the internet or local networks looking for vulnerable machines, so it’s wise to minimize the risk by shutting down.

The problem is that discretionary access control policies govern only direct accesses; they exert no control over what happens to information once it has been released. So everything the application does when it runs (including, of course, its hidden code) depends on the identity of the user who invoked the application and on that user’s permissions.
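The point about discretionary policies can be made concrete with a small model. The following is an added example, not part of the original article: a toy access-control system in which every individual access check passes, yet information ends up readable by a user the file's access list never named. The users (alice, mallory), the file names and the DacSystem and Process classes are all constructed for illustration.

```python
# Added illustration (not from the original article). All names are constructed:
# users alice/mallory, files payroll.txt/dropbox.txt, and the toy DacSystem model.

class DacSystem:
    """Toy discretionary access control: per-file ACLs checked on each direct access."""
    def __init__(self):
        self.files = {}  # name -> {"owner", "acl", "data", "origins"}

    def create(self, owner, name, data=""):
        self.files[name] = {"owner": owner, "acl": {owner: {"r", "w"}},
                            "data": data, "origins": {name}}

    def grant(self, owner, name, user, perm):
        f = self.files[name]
        if f["owner"] != owner:
            raise PermissionError(f"{owner} does not own {name}")
        f["acl"].setdefault(user, set()).add(perm)

    def check(self, user, name, perm):
        if perm not in self.files[name]["acl"].get(user, set()):
            raise PermissionError(f"{user} lacks '{perm}' on {name}")

    def effective_readers(self, name):
        """Users who can read any file holding information derived from `name`."""
        return {u for f in self.files.values() if name in f["origins"]
                for u, perms in f["acl"].items() if "r" in perms}

class Process:
    """A running program: the DAC check sees only the invoking user's identity."""
    def __init__(self, system, user):
        self.system, self.user, self.taint = system, user, set()

    def read(self, name):
        self.system.check(self.user, name, "r")
        self.taint |= self.system.files[name]["origins"]  # remember what was seen
        return self.system.files[name]["data"]

    def write(self, name, data):
        self.system.check(self.user, name, "w")
        f = self.system.files[name]
        f["data"], f["origins"] = data, f["origins"] | self.taint

def demo():
    s = DacSystem()
    s.create("alice", "payroll.txt", "salary table")
    s.create("mallory", "dropbox.txt")
    s.grant("mallory", "dropbox.txt", "alice", "w")  # mallory lets alice write
    acl_readers = {u for u, p in s.files["payroll.txt"]["acl"].items() if "r" in p}
    game = Process(s, "alice")  # alice runs a "game"; its hidden code acts as alice
    game.write("dropbox.txt", game.read("payroll.txt"))  # both checks pass
    leaked = Process(s, "mallory").read("dropbox.txt")
    return acl_readers, s.effective_readers("payroll.txt"), leaked

if __name__ == "__main__":
    print(demo())
```

The access list on payroll.txt still names only alice, while the flow audit in effective_readers shows that mallory can now obtain its contents, which is the gap between controlling direct access and controlling where information goes.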


Step-by-step tips to remove a Trojan virus

If it’s a problem with a computer, it can generally be solved with software. Don’t be put off by the price that some programs can have, because if you run business data, or keep documents vital to national security, then the cost of such software isn’t an issue.

Let’s have a look at a few steps that we can follow to prevent and remove attacks from these viruses:

– The first thing we will want to do before installing the Trojan removal software is to disable the System Restore function; this can easily be enabled again once we have removed the Trojan from the system.
– Once our System Restore function is disabled, we are ready to install our Trojan removal software, which may then require a system restart.
– Whether or not a restart is necessary, we will want to reboot our computer into safe mode, so we are ready to run the Trojan removal software. Remember to allow enough time for the program to perform a thorough scan so that it locates and removes all malware and spyware, as well as the Trojan itself.
– When the program has finished running, and everything is clear, we will repeat the step, but this time booting our computer normally and letting the Trojan removal software run once more.
– Once we get a report back from the Trojan removal software saying that everything is clear, we can finally re-enable our System Restore function and get back to our things.



Internet attacks are increasingly common nowadays, due to the lack of security and to the many networks and data streams that reside on and move across the internet. Following the steps explained above ensures that the Trojan virus didn’t leave anything behind, and that the virus is gone from your system.


About Vanessa Lumini

The genius build the world, the clever turn around, and the stupid think that the world revolves around them... A graduate in and enthusiast of Computer Science, an administrative accountant by profession for 5 years, with the desire to spread my passions in every language I can.
