Wednesday, July 20, 2022

Bulletproof Hosting Service Cybercriminal "Virus" Extradited

Mihai Ionut Paunescu, a Romanian national known as “Virus,” was extradited for operating a “bulletproof hosting” service that facilitated the distribution of destructive malware. Bulletproof hosting operations are similar to regular web hosting. Bulletproof hosting services are often found in countries with more relaxed laws about what type of content is hosted on these servers and with less strict extradition laws, making it easier to evade law enforcement. Because laws differ from country to country, this creates a huge grey area that allows the owners to claim immunity from what their customers host. Bulletproof hosting is the technology behind malware, ransomware, botnets, and the like.




Many owners of these facilities take the position that they are just a service for customers. Many of these hosting servers hold massive amounts of data, and it can be very difficult to track every move each customer makes. John Karlung of Banhoff Hosting states that his service is like the postal service—“a mailman doesn’t read the mail, he just delivers it.” He claims that his hosting is a legitimate, law-abiding service, and that any nefarious activity lies with his customers. He is also an advocate for his customers' privacy, and requires a formal warrant to remove any of his servers.

However, the DOJ and FBI announced today that Mihai Ionut Paunescu, a/k/a “Virus,” a dual Romanian and Latvian national, was extradited from Colombia for running a bulletproof hosting service that enabled cyber criminals to distribute the Gozi Virus, one of the most financially destructive computer viruses in history. It is also alleged that Paunescu enabled other cybercrimes, such as distributing malware including the “Zeus Trojan” and the “SpyEye Trojan,” initiating and executing distributed denial of service (“DDoS”) attacks, and transmitting spam. Paunescu was initially arrested in Romania in December 2012 and released on bail, and he was arrested again in Colombia last year at the request of the United States. Paunescu was presented yesterday before U.S. Magistrate Judge Gabriel W. Gorenstein and detained. The case is assigned to U.S. District Judge Lorna G. Schofield.

The Gozi Virus is malicious computer code, or malware, that stole personal bank account information, including usernames and passwords, from the users of affected computers. The Gozi Virus infected over one million victim computers worldwide, among them at least 40,000 computers in the United States, including computers belonging to the National Aeronautics and Space Administration (“NASA”), as well as computers in Germany, Great Britain, Poland, France, Finland, Italy, Turkey and elsewhere, and it caused tens of millions of dollars in losses to the individuals, businesses, and government entities whose computers were infected. Once installed, the Gozi Virus – which was intentionally designed to be undetectable by anti-virus software – collected data from the infected computer in order to capture personal bank account information, including usernames and passwords. That data was then transmitted to various computer servers controlled by the cyber criminals who used the Gozi Virus. These cyber criminals then used the personal bank account information to transfer funds out of the victims’ bank accounts and ultimately into their own personal possession.

The Zeus Trojan is an insidious malware kit commonly used to steal banking information. With millions of Windows computers infected, it’s one of the most widespread and successful strains of malware in the history of the internet.

SpyEye is a malware program that attacks users running Google Chrome, Opera, Firefox and Internet Explorer on Microsoft Windows operating systems. This malware uses keystroke logging and form grabbing to steal user credentials for malicious use.

Paunescu, 37, of Bucharest, Romania, is charged with one count of conspiracy to commit computer intrusion, which carries a maximum penalty of 10 years in prison; one count of conspiracy to commit bank fraud, which carries a maximum penalty of 30 years in prison; and one count of conspiracy to commit wire fraud, which carries a maximum penalty of 20 years in prison. This case is being handled by the Office’s Complex Frauds & Cybercrime Unit. Assistant United States Attorney Sarah Lai is in charge of the prosecution.

