Romanian man extradited to US over Gozi virus hacking charges

The man allegedly ran a service that helped cyber criminals distribute the Gozi virus, which ended up infecting over one million computers worldwide, including some that belonged to NASA

A dual Romanian and Latvian national has been extradited to the US from Colombia for allegedly running a “bulletproof hosting” service that enabled cyber criminals to distribute the Gozi virus.

Mihai Ionut Paunescu, 37 years old and also known as Virus, also allegedly enabled other cyber crimes, such as distributing malware like Zeus Trojan and SpyEye Trojan, initiating and executing distributed denial of service (DDoS) attacks, and transmitting spam, said federal attorneys yesterday.

The Gozi virus, first discovered in 2007, is malware that stole personal bank account information, including usernames and passwords, from users of affected computers, according to allegations in documents filed in Manhattan federal court. The virus infected over one million computers worldwide, including around 40,000 in the US, some of which belonged to NASA.

It caused tens of millions of dollars in losses to individuals, businesses, and governments whose computers were infected. Once installed, Gozi would collect data from the infected computer to capture personal bank account information which was then transmitted to various computer servers controlled by criminals who used the virus. They would then use the personal information to transfer funds out of victims’ bank accounts and into their possession.

“Bulletproof hosting” services helped cyber criminals to distribute the Gozi Virus with little fear of detection by law enforcement, said federal attorneys. Bulletproof hosts provided cyber criminals with critical online infrastructure they needed, including IP addresses and computer servers, in a manner designed to enable them to preserve their anonymity.

Paunescu allegedly rented servers and IP addresses from legitimate internet service providers and then rented these to cyber criminals. He also provided servers which were used as command-and-control servers to conduct DDoS attacks and monitored IP addresses he controlled to determine if they appeared on a special list of suspicious or untrustworthy IP addresses. Lastly, Paunescu also relocated his customers’ data to different networks and IP addresses to avoid being blocked as a result of private security or law enforcement scrutiny.

“Mihai Ionut Paunescu is alleged to have run a ‘bulletproof hosting’ service that enabled cyber criminals throughout the world to spread the Gozi virus and other malware and to commit numerous other cybercrimes,” said US attorney Damian Williams. “His hosting service was specifically designed to allow cyber criminals to remain hidden and anonymous from law enforcement. Even though he was initially arrested in 2012, Paunescu will finally be held accountable inside a U.S. courtroom. This case demonstrates that we will work with our law enforcement partners here and abroad to pursue cyber criminals who target Americans, no matter how long it takes.”

Paunescu was initially arrested in Romania in December 2012 before being released on bail and was then arrested again in Colombia last year at the request of the US government. 

He is being charged with one count of conspiracy to commit computer intrusion, which carries a maximum penalty of 10 years in prison, as well as one count of conspiracy to commit bank fraud, which carries a maximum penalty of 30 years in prison. He is also charged with one count of conspiracy to commit wire fraud, which carries a maximum penalty of 20 years in prison.
