Romanian National Behind Malicious Malware Attacks Sentenced To Prison

Tyler Cross

Mihai Ionut Paunescu, AKA “Virus,” was arrested and sentenced by the Manhattan Federal Court to three years in prison for perpetrating cyberattacks.

Specifically, he was arrested for running a “bulletproof hosting” service that allowed other threat actors to distribute the Gozi Virus, the BlackEnergy malware, the Zeus Trojan, and the SpyEye Trojan, according to the US Department of Justice (DOJ). All of these malware families were designed to steal sensitive financial information from victims.

“PAUNESCU also enabled other cybercrimes, such as initiating and executing distributed denial of service (“DDoS”) attacks and transmitting spam,” said the DOJ. “Paunescu’s bulletproof hosting service shielded his criminal customers from both law enforcement and cybersecurity professionals while enriching himself. Paunescu now faces prison time and will be required to forfeit his ill-gotten gains.”

The Gozi virus stole account information from over 1 million people — the information includes usernames, passwords, and banking information. Infected computers were found internationally, including in the US, as well as Germany, Great Britain, Poland, France, Finland, Italy, Turkey, and more.

BlackEnergy was originally created to launch international DDoS attacks but was upgraded to also steal users’ financial information. The Zeus Trojan and the SpyEye Trojan work similarly, targeting victims’ sensitive banking credentials.

“In imposing the sentence, Judge Schofield gave PAUNESCU credit for the approximately one year and two months that the defendant was held in Romanian and Colombian custody prior to his extradition to the United States,” the DOJ states. “In addition to his prison sentence, PAUNESCU, 39, of Bucharest, Romania, was ordered to forfeit $3,510,000 and pay restitution in the amount of $18,945.”

US Attorney Damian Williams thanked the FBI for its work in investigating the crimes, as well as the Department of Justice’s Computer Crime and Intellectual Property Section, the NASA Office of Inspector General, and many others who worked collaboratively to bring down the operation.

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs, and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.