
How GUID tracking technology works

A basic explanation of the Microsoft serial number that could connect Melissa to its source.
Written by Robert Lemos, Contributor
The Global Unique Identifier, or GUID, is a unique serial number in files created by some Microsoft applications, and it could lead to the author of Melissa, the macro virus that's caused so much malicious mischief.

How?

Office 97 and Office 2000 are chief among the MS applications containing the capability. They assign each document a different identifier.

Of course, that, in itself, wouldn't pinpoint any particular machine, or user -- unless, that is, the system contains an Ethernet adapter, the device used to connect a PC to a local area network.

If it does, the GUID serial number is created by adding additional digits to a single, and unchanging, address hardwired into the adapter. That means every GUID from a single Ethernet adapter also contains the same 12 digits.
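As an added illustration (not part of the original article), the sketch below reads the trailing 12 hex digits of each GUID and groups documents that share an adapter address. It assumes the GUIDs follow the standard time-and-node (version 1) layout; the file names and GUID values are constructed samples.

```python
import uuid
from collections import defaultdict

# Constructed sample GUIDs, keyed by a hypothetical file name.
SAMPLE_GUIDS = {
    "report.doc": "{6B29FC40-CA47-11D2-B1E5-00A0C9112233}",
    "memo.doc":   "{0F3A8C10-D5E2-11D2-9A41-00A0C9112233}",
    "budget.xls": "{A1B2C3D0-D6F0-11D2-8C07-0060971A2B3C}",
    "notes.doc":  "{3F2504E0-4F89-41D3-9A0C-0305E82C3301}",  # version 4 (random)
}


def adapter_address(guid_text):
    """Return the 12-hex-digit adapter address embedded in a GUID.

    Returns None when the text is not a GUID, when the GUID is not the
    time-and-node kind (version 1), or when the node field has the
    multicast bit set, which marks a random stand-in rather than a
    hardwired adapter address.
    """
    try:
        g = uuid.UUID(guid_text.strip())  # accepts the {braced} form
    except ValueError:
        return None
    if g.variant != uuid.RFC_4122 or g.version != 1:
        return None
    if (g.node >> 40) & 0x01:  # low bit of the first octet = multicast
        return None
    return "%012X" % g.node


def group_by_adapter(guids):
    """Map each adapter address to the documents whose GUID carries it."""
    groups = defaultdict(list)
    for name, text in guids.items():
        addr = adapter_address(text)
        if addr is not None:
            groups[addr].append(name)
    return dict(groups)


if __name__ == "__main__":
    for addr, names in group_by_adapter(SAMPLE_GUIDS).items():
        print(addr, "->", ", ".join(names))
```

A shared address is a lead rather than proof, since the GUID on a document can be edited.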

This ability to link documents with a specific Ethernet adapter address was first disclosed by Richard M. Smith, president of software tools maker Phar Lap Software Inc., earlier this month.

It's almost impossible to match a single Ethernet card address to a specific computer. Plus, the GUID "fingerprint" only identifies the original creator of the document, not those who may later modify it. And anyone with a special program code editor can change the GUID on any document.

But in the case of Melissa, luck may have overcome these obstacles.

In investigating Melissa, Phar Lap's Smith posted a newsgroup inquiry. A Swedish computer-science student who saw the posting told Smith that Melissa reminded him of three other viruses posted in 1997.

Together, they were able to track the virus to a specific Web site.

But so far, the serial number has failed to guide anyone to Melissa's flesh-and-blood creator.
