> The virus itself was credited to Kwyjibo, who was shown to be the macrovirus writers VicodinES and ALT-F11 by comparing Microsoft Word documents with the same globally unique identifier
Not sure how that explains how the FBI caught David though. Can someone else elaborate? What sort of OPSEC fail is at play here?
Just a guess. Sounds like the global identifier is generated at installation, tied to a license key, or perhaps even a unique file/system fingerprint. When saving/creating a Word document, the identifier is embedded in the document.
If the same identifier is found in documents for legitimate use and malicious use, one can associate the two identities.
One could potentially get a few suspects by approximating the time the virus appeared, then looking at ISP logs and server files to determine when and who uploaded it, and go from there. If it was a legitimate copy of Word being used, could be even easier.
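The correlation guessed at in the reply above, as an added example that is not part of the thread: collect the identifiers embedded in files already attributed to different identities and report any identifier that appears under more than one. The brace-wrapped GUID text format, the file names, the identities and the sample bytes are all constructed assumptions; the thread does not say how Word stores the identifier.

```python
import re
from collections import defaultdict

# Assumption: the identifier appears as brace-wrapped GUID text.
GUID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def extract_guids(blob: bytes) -> set:
    """Return GUID strings found in raw file bytes.

    Dropping NUL bytes lets one pattern match both ASCII and UTF-16LE
    text regardless of alignment. This is a heuristic scan, not a parser
    for any real document format.
    """
    text = blob.replace(b"\x00", b"").decode("latin-1")
    return {m.group(0).upper() for m in GUID_RE.finditer(text)}


def link_identities(docs: dict) -> dict:
    """docs maps filename -> (attributed identity, raw bytes).

    Returns {guid: sorted identities} for every GUID that shows up in
    files attributed to more than one identity.
    """
    seen = defaultdict(set)
    for identity, blob in docs.values():
        for guid in extract_guids(blob):
            seen[guid].add(identity)
    return {g: sorted(ids) for g, ids in seen.items() if len(ids) > 1}


# Constructed sample data: two identities share one GUID, a third does not.
SHARED = "{11111111-2222-3333-4444-555555555555}"
OTHER = "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"
SAMPLE_DOCS = {
    "resume.doc": ("real-name", b"hdr" + SHARED.encode("utf-16-le") + b"\x01"),
    "macro_sample.doc": ("online-handle", b"hdr" + SHARED.encode("ascii")),
    "letter1.doc": ("unrelated-user", b"hdr" + OTHER.encode("utf-16-le")),
    "letter2.doc": ("unrelated-user", OTHER.encode("ascii") + b"tail"),
}

if __name__ == "__main__":
    for guid, identities in link_identities(SAMPLE_DOCS).items():
        print(guid, "links", " and ".join(identities))
```
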