Romanian national Mihai Ionut Paunescu, aka “Virus”, was sentenced to three years in prison by a federal court in Manhattan for running an ironclad hosting service and facilitating the distribution of malware Gozi (Ursnif), Zeus , SpyEye and BlackEnergy.

Bulletproof Hosting Services are web hosting companies in countries with lenient or unenforced internet laws that follow lenient policies regarding illicit content and activity by their customers. These types of services are also notorious for ignoring takedown requests from law enforcement and copyright holders.

The Department of Justice claims that Paunescu’s service facilitated the distribution of several families of information-stealing and banking malware, including Gozi (Ursnif), Zeus, SpyEye, and BlackEnergy, as well as launching DDoS attacks ( distributed denial of service) and the distribution of spam. messages around the world.

The Romanian was previously held in Colombia and Romania before being extradited to the United States, with police forces in both countries providing significant assistance to the FBI in uncovering the man’s cybercriminal activities.

“Paunescu ran a ‘bulletproof’ hosting service that allowed cybercriminals around the world to distribute malware that stole confidential financial information, crashed websites, and caused other damage,” commented US attorney Damian Williams.

“By allowing cybercriminals to acquire online infrastructure for their illegal activity without revealing their true identity, Paunescu’s ironclad hosting service has protected its criminal customers from law enforcement and cybersecurity professionals alike. by getting rich. Paunescu now faces a prison sentence and will have to give up his sick-gains.”

Unsealed court documents detail Paunescu’s activities, claiming he not only provided cybercriminals with hosting, but also leased IP addresses for legitimate ISP customers, C2 infrastructure for operations botnets, proxies to hide malicious traffic, etc.

Additionally, Paunescu allegedly monitored spam lists of IP addresses, and if those under his control were included, he activated circumvention mechanisms to evade blocking.

The indictment shares additional information about the defendant’s knowledge of the illegal nature of his clients’ operations.

According to the US Department of Justice, Paunesco maintained a database that kept track of rented servers, many of which used names clearly linked to malware.

At various times, from at least May 2012 until or around November 2012, PAUNESCU maintained a database describing certain servers it controlled or leased as being used for “spyeye 100% SBL”, “zeus 100% SBL”, 100%sbl, phishing [sic],” “100% SBL malware” and “fake av [antivirus] 100% SBL”, we read the DoJ indictment obtained by BleepingComputer.

The distribution of Ursnif (Gozi) was the most notable cybercrime activity supported by Paunescu’s hosting service, with the malware infecting more than one million computers worldwide.

Ursnif started out as a banking Trojan that later moved to initial access operationsand is estimated to have caused tens of millions of dollars in damages to individuals, businesses and government entities in the United States, Germany, United Kingdom, France, Italy, Finland, Turkey and elsewhere.

The announcement from the US Department of Justice highlights Ursnif’s impact on the country, mentioning that it has infected at least 40,000 systems, including some computers belonging to NASA.

In addition to the three-year prison sentence, Paunescu was also ordered lose $3.5 million and pay restitution of $18,945.

After his release from prison, the Romanian will enter a period of supervision for an additional three years.