Romanian man extradited to US over Gozi virus hacking charges

A dual Romanian and Latvian national has been extradited to the US from Colombia for allegedly running a “bulletproofing hosting” service that enabled cyber criminals to distribute the Gozi virus.

Mihai Ionut Paunescu, 37 years old and also known as Virus, also allegedly enabled other cyber crimes, such as distributing malware like Zeus Trojan and SpyEye Trojan, initiating and executing distributed denial of service (DDoS) attacks, and transmitting spam, said federal attorneys yesterday.

The Gozi virus, first discovered in 2007, is malware that stole personal bank account information, including usernames and passwords, from users of affected computers, according to allegations in documents filed in Manhattan federal court. The virus infected over one million computers worldwide, including around 40,000 in the US, some of which belonged to NASA.

It caused tens of millions of dollars in losses to individuals, businesses, and governments whose computers were infected. Once installed, Gozi would collect data from the infected computer to capture personal bank account information which was then transmitted to various computer servers controlled by criminals who used the virus. They would then use the personal information to transfer funds out of victims’ bank accounts and into their possession.

“Bulletproof hosting” services helped cyber criminals to distribute the Gozi Virus with little fear of detection by law enforcement, said federal attorneys. Bulletproof hosts provided cyber criminals with critical online infrastructure they needed, including IP addresses and computer servers, in a manner designed to enable them to preserve their anonymity.

Paunescu allegedly rented servers and IP addresses from legitimate internet service providers and then rented these to cyber criminals. He also provided servers which were used as command-and-control servers to conduct DDoS attacks and monitored IP addresses he controlled to determine if they appeared on a special list of suspicious or untrustworthy IP addresses. Lastly, Paunescu also relocated his customers’ data to different networks and IP addresses to avoid being blocked as a result of private security or law enforcement…