
Two men convicted in the US for elaborate scheme that infected up to 400,000 computers

Published: Saturday | April 20, 2019 | 12:00 AM

Two Romanian men have been convicted in the United States (US) for running an elaborate scheme that used malicious software to infect hundreds of thousands of computers and steal credit card and other personal information for sale on the dark web, raking in millions of dollars.

Bogdan Nicolescu, 36, and Radu Miclaus, 37, were found guilty of conspiracy to commit wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering and 12 counts each of wire fraud, the US Justice Department (DOJ) has announced.

They are scheduled to be sentenced on August 14.

According to court documents and evidence presented during their 12-day trial in the state of Ohio, Nicolescu, Miclaus, and a co-conspirator who earlier pleaded guilty, collectively operated the scheme from Bucharest, Romania.

American authorities say the scheme began in 2007 with the creation of proprietary malware, which the men disseminated through malicious emails purportedly sent from entities such as Western Union, Norton AntiVirus and the US Internal Revenue Service.

When recipients clicked on an attached file, the malware was surreptitiously installed onto their computer.

This allowed them to steal email addresses from the infected computer.

Malicious emails were also sent to the stolen email addresses.

At the height of the scheme, according to a statement from the DOJ, the men infected and controlled more than 400,000 individual computers, primarily in the US.

Controlling these computers, the DOJ said, allowed the men to harvest personal information, such as credit card information, user names and passwords.  

They disabled victims’ malware protection and blocked the victims’ access to websites associated with law enforcement.

Controlling the computers also allowed the men to use the processing power of the computer to solve complex algorithms for their own financial benefit, a process known as cryptocurrency mining.

Prosecutors say when victims with infected computers visited websites such as Facebook, PayPal, eBay or others, the conspirators would intercept the request and redirect the computer to a nearly identical website they had created.  

The men would then steal account credentials.  

The DOJ said they used the stolen credit card information to fund their criminal infrastructure, including renting server space, registering domain names using fictitious identities and paying for Virtual Private Networks (VPNs) which further concealed their identities.

The men were also able to inject fake pages into legitimate websites, such as eBay, to make victims believe they were receiving and following instructions from legitimate websites, when, in fact, they were following the instructions of the defendants.

As part of the scheme, the DOJ said the men placed more than 1,000 fraudulent listings for automobiles, motorcycles and other high-priced goods on eBay and similar auction sites.

Photos of the items were infected with malware, which redirected computers that clicked on the image to fictitious webpages designed by the defendants to resemble legitimate eBay pages.

These fictitious webpages prompted users to pay for their goods through a nonexistent “eBay Escrow Agent” who was simply someone the men hired, prosecutors said.  

Users paid for the goods to the fraudulent escrow agents, who wired the money to others in Eastern Europe to hand over to the defendants.  

The victims never received the items and never got their money back.
