Romanian Who Allegedly Sold Malware Hosting Extradited to US

Mihai Paunescu, aka Virus, Faces 3 Criminal Counts in Court
Romanian Who Allegedly Sold Malware Hosting Extradited to US
Mihai Paunescu after his detention in Colombia (Photo courtesy of the Office of the Attorney General of Colombia)

A Romanian man accused of managing the digital infrastructure behind a banking Trojan that stole tens of millions of dollars now finally faces trial in the United States after his extradition from South America.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

Federal authorities yesterday presented Mihai Ionut Paunescu, aka Virus, in Manhattan federal court a year after Colombian authorities detained the fugitive in a Bogota airport. Romanian authorities arrested Paunescu in 2012 but released him on bail. A U.S. grand jury returned a three-count indictment against him in 2013. If convicted on all charges - conspiracy to commit bank fraud, wire fraud and computer intrusion - the 37-year-old faces a maximum of 60 years imprisonment.

Paunescu allegedly offered cybercriminals so-called "bulletproof hosting," including a command-and-control server for the Gozi malware that during the early 2000s infected more than 1 million computers. Among them were 60 computers belonging to NASA, through which thieves stole about $19,000.

His alleged business model was to rent servers and network connectivity from legitimate providers and sublease the infrastructure to other cybercriminals. Other malware Paunescu is accused of facilitating include the Zeus and SpyEye Trojans. He also allegedly allowed his criminal clientele to execute DDoS attacks by hosting the BlackEnergy bot toolkit.

Paunescu kept a database to manage his server subleasing operation that included labels such as "zeus 100%SBL" and "100%SBL malware," prosecutors say.

According to the indictment, the defendant helped clients evade detection by law enforcement agencies by scanning lists of suspicious or untrustworthy IP addresses maintained by the Spamhaus Project. In case of a match, it says he would relocate his customers' data to a different network and IP address - and sometimes to a whole new country.

The case against Paunescu has been ongoing for about a decade. It "demonstrates that we will work with our law enforcement partners here and abroad to pursue cybercriminals who target Americans, no matter how long it takes," says U.S. Attorney Damian Williams of the Southern District of New York, where Paunescu is expected to stand trial. A trial date has not been set yet, but the case has been assigned to District Judge Lorna G. Schofield.

Other Conspirators

Two individuals with whom Paunescu's allegedly conspired have already gone through the American judicial system (see: Did Feds Defuse Blitzkrieg on Banks?).

A federal judge in 2016 sentenced Gozi creator Nikita Kuzmin to 37 months of time served after the Russian national pleaded guilty and cooperated with U.S. officials. A judge ordered him to pay $6.9 million in restitution (see: Gozi Creator Sentenced for Bank Attacks).

Deniss Čalovskis, aka Miami, a Latvian national who enhanced Gozi by creating web injects, pleaded guilty in 2015 to a single count of conspiracy to commit computer intrusion. He received a 21-month sentence in January 2016.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.