MIHAI IONUT PAUNESCU, a/k/a “Virus,” a Romanian national, was sentenced to three years in prison on March 28, 2024, in Manhattan federal court for conspiracy to commit computer intrusion in connection with running a “bulletproof hosting” service that enabled cybercriminals to distribute the Gozi Virus, the Zeus Trojan, the SpyEye Trojan, and the BlackEnergy malware.
U.S. Attorney Damian Williams said, “Paunescu ran a ‘bulletproof’ hosting service that enabled cybercriminals throughout the world to spread malware that stole confidential financial information, crashed websites, and caused other harm. By allowing cybercriminals to acquire online infrastructure for their unlawful activity without revealing their true identities, Paunescu’s bulletproof hosting service shielded his criminal customers from both law enforcement and cybersecurity professionals, while enriching himself. Paunescu now faces prison time and will be required to forfeit his ill-gotten gains.”
In imposing today’s sentence, Judge Lorna G. Schofield said that PAUNESCU facilitated the distribution of “some of the most serious malware circulating at the time” and “made considerable money from it.”
The Gozi Virus is malicious computer code or “malware” that stole personal bank account information, including usernames and passwords, from the users of affected computers. The Gozi Virus infected over one million victim computers worldwide, among them at least 40,000 computers in the United States, including computers belonging to the National Aeronautics and Space Administration (“NASA”), as well as computers in Germany, Great Britain, Poland, France, Finland, Italy, Turkey, and elsewhere.
Similar to the Gozi Virus, the Zeus Trojan and the SpyEye Trojan were designed to steal confidential financial information from victims’ computers. BlackEnergy was initially designed to launch World Wide Web-based DDoS attacks and later upgraded to include the ability to steal account access credentials.
“Bulletproof hosting” services helped cyber criminals distribute the Gozi Virus with little fear of detection by law enforcement. Bulletproof hosts provided cyber criminals using the Gozi Virus with the critical online infrastructure they needed, such as Internet Protocol (“IP”) addresses and computer servers, in a manner designed to enable them to preserve their anonymity.
Related Federal Cases
- Kendrick Charged with Computer Intrusion · Alabama
- Insurance Companies Fined $14.2M for Data Breach, New York NY, 2023 · New York
- Daniel Pocock Files Civil Rights Lawsuit, New York NY, 2023 · Alabama
- Allstate Insurance Company, Data Breach Lawsuit, New York NY, 2020 · New York
- New York Man Pleads Guilty to Cyberstalking Cincinnati Woman · New York
Key Facts
- State: New York
- Category: Cybercrime
- Source: DOJ Press Release â†â€â€
ðŸâ€Â’ Get the grimiest stories delivered weekly. Subscribe free →
MORE FEDERAL CRIME NEWS
CybercrimeCybercrimeCybercrimeCybercrime