A Romanian man accused of managing the digital infrastructure behind a banking Trojan that stole tens of millions of dollars now finally faces trial in the United States after his extradition from South America.
Federal authorities yesterday presented Mihai Ionut Paunescu, aka Virus, in Manhattan federal court a year after Colombian authorities detained the fugitive in a Bogota airport. Romanian authorities arrested Paunescu in 2012 but released him on bail. A U.S. grand jury returned a three-count indictment against him in 2013. If convicted on all charges – conspiracy to commit bank fraud, wire fraud and computer intrusion – the 37-year-old faces a maximum of 60 years imprisonment.
Paunescu offered cybercriminals so-called “bulletproof hosting,” including a command-and-control server for the Gozi malware that during the early 2000s infected more than 1 million computers. Among them were 60 computers belonging to NASA, through which thieves stole about $19,000.
His business model was to rent servers and network connectivity from legitimate providers and sublease the infrastructure to other cybercriminals. Other malware Paunescu is accused of facilitating include the Zeus and SpyEye Trojans. He also allegedly allowed his criminal clientele to execute DDoS attacks by hosting the BlackEnergy bot toolkit.
Paunescu kept a database to manage his server subleasing operation that included labels such as “zeus 100%SBL” and “100%SBL malware.”
The indictment shows he helped clients evade detection by law enforcement agencies by scanning lists of suspicious or untrustworthy IP addresses maintained by the Spamhaus Project. In case of a match, he relocated his…