Gozi Host 'Virus' Sentenced to 3 Years in US Prison

Mihai Ionut Paunescu Provided 'Bulletproof Hosting' for Trojans

A Romanian national who hosted the digital infrastructure behind banking Trojans that facilitated the theft of tens of millions of dollars will serve 22 months in U.S. federal prison after being sentenced Monday to 36 months.


Mihai Ionut Paunescu, 39, pleaded guilty earlier this year to one count of conspiracy to commit computer intrusion with intent to defraud. He will receive a 14-month credit on his sentence for serving that time in Romanian and Colombian custody. Romanian authorities arrested him at the U.S.'s behest in 2012 and detained him for two months. He spent a year in Colombian jail pending extradition to the United States. Paunescu must also forfeit $3.5 million and pay restitution of nearly $19,000.

Authorities from Colombia extradited the Bucharest resident last July. They had detained him in the Bogotá airport in 2021, after U.S. authorities included Paunescu on an international watchlist (see: Romanian Who Allegedly Sold Malware Hosting Extradited to US).

Paunescu, who went by the moniker "Virus," helped distribute the Gozi virus, the Zeus banking Trojan, the SpyEye Trojan and BlackEnergy distributed denial-of-service malware through a "bulletproof" hosting service, the Department of Justice said.

His sentencing concludes a 10-year effort by prosecutors against a trio of hackers who together created and distributed the Gozi banking Trojan. Russian national Nikita Kuzmin pleaded guilty in 2016 and received a sentence of time served and restitution of nearly $7 million because of his cooperation with investigators. Kuzmin ensured cybercriminals could customize Gozi with web injects targeting specific banks and developed a malware-as-a-service model for Gozi. Latvian national Deniss Čalovskis, who coded the web injects, also received a sentence of time served, in 2016.

Paunescu's role was to provide the underlying IT infrastructure. He rented IP addresses from legitimate internet service providers and re-rented them to cybercriminals, ensuring that the IPs did not appear on law enforcement lists. He also relocated customer data to different networks and IP addresses, sometimes to other countries, to prevent them from being on the radar of private security or law enforcement officials. A sentencing document from prosecutors says Paunescu used the IP address registered to his mother's address to host a command-and-control server for BlackEnergy.

He facilitated the distribution of "some of the most serious malware circulating at the time" and "made considerable money from it," said Judge Lorna G. Schofield, of the U.S. District Court for the District of Southern New York, during sentencing.


About the Author

Rashmi Ramesh


Assistant Editor, Global News Desk, ISMG

Ramesh has seven years of experience writing and editing stories on finance, enterprise and consumer technology, and diversity and inclusion. She has previously worked at formerly News Corp-owned TechCircle, business daily The Economic Times and The New Indian Express.



