A year after the big virus bounty was announced, authorities still have yet to make an arrest in the Sobig case. One group of anonymous forensic programmers has released an exhaustive analysis of the code and related factors. Their research even leads them to name a specific individual. I don't know if their conclusions are correct or not, but the paper showcases an amazing investigative effort. It's well worth reading.