A Romanian man accused of distributing a computer virus that hit over 1 million computers has been extradited to the US. The suspect, 37-year-old Mihai Paunescu, allegedly ran a hosting service that helped distribute the Gozi virus, which caused tens of millions of dollars of financial losses worldwide.
First discovered in 2007, the Gozi virus was able to go undetected as it stole bank account information from computers – 40,000 of which were in the US, with 140 belonging to NASA.
Dubbed “one of the most financially destructive computer viruses in history,” the virus was disguised as a PDF document that, when opened, secretly installed the virus on the victim’s computer. Once installed, the Gozi virus – designed to be undetectable by anti-virus software – collected data to capture personal bank account information, including usernames and passwords.
This information was transmitted to computer servers controlled by cyber-criminals, who used the details to transfer funds from victims’ bank accounts.
Paunescu has been charged with conspiring to commit computer fraud intrusion bank and wire fraud. He allegedly enabled other cybercrimes, such as “distributing malware including the Zeus Trojan and the SpyEye Trojan, initiating and executing distributed denial of service (DDoS) attacks and transmitting spam,” the US Department of Justice (DoJ) said.
Paunescu was initially arrested in Romania in December 2012 and released on bail, and he was arrested again in Colombia last year.
Paunescu is the latest arrest relating to the Gozi virus. Nikita Kuzmin, the Russian who allegedly created the virus, was arrested in 2010 after traveling to a conference in the US and pleaded guilty the following year in an agreement with prosecutors.
In 2016, Kuzmin was ordered to pay $6.9m to cover losses to bank customers after spending three years in jail, but he was spared further US prison time. A Latvian man who admitted to having written some of the computer code was sentenced to time served after spending 21 months in prison.
Javvad Malik, lead security awareness advocate at KnowBe4, said Paunescu’s extradition “sends a strong message to other would-be criminals as to the seriousness of their actions and the consequences.”
Ian Thornton-Trump, CISO at Cyjax, said the extradition is “great news” given “the financial damage during that period of time while these cyber-criminals were in operation.”
“It certainly illustrates the need for more expeditious international cooperation between countries,” Thornton-Trump added.