The cyber-crook behind the Gozi computer virus, which infected more than a million computers causing tens of millions of dollars of losses, has been spared a lengthy prison spell by a US court because of his cooperation with prosecutors.
Nikita Kuzmin, who was arrested in 2010 and pleaded guilty to computer intrusion and fraud charges in 2011, has been sentenced to 37 months time served and ordered to pay $6.9 million in forfeiture and restitution.
Gozi infected victims' computers through PDFs, before collecting bank account usernames and passwords. The information was sent back to computer servers controlled by the crooks and used to transfer funds out of the accounts.
Authorities say that Kuzmin pioneered the service provider model among cybercriminals, renting out Gozi to other crooks, charging a fee of $500 a week paid in digital currency WebMoney.
Prosecutors say the Gozi malware has infected over a million computers, among them at least 40,000 in the US - including some belonging to Nasa - causing tens of millions of dollars in losses.
A Latvian accomplice called Deniss Calovskis who wrote code for web injects that enabled Gozi to target particular banks was sentenced to 21 months time served back in January. A third member of the gang, Mihai Ionut Paunescu, was arrested in Romania in 2012 and awaits extradition to the States.