Could Sunny please kindly explain the impact of “transaction malleability” on both bitcoin and ppc. It seems has a bigger impact now than lots of people thought. Thanks.
I’m not Sunny King, but I think I can help with your question.For you to really understand the concept of transaction malleability, you have to understand how transactions in bitcoin and peercoin work. Every transaction has inputs and outputs. Nowadays, nearly all bitcoin transactions have at LEAST 2 OUTPUTS. The 1st output is the receiving address (the persons public address your sending the btc to). The 2nd output is a random address generated by the bitcoin protocol for you (the sender) but you never see it (when using the Qt-client). The purpose of this 2nd output is to give back your change in the transaction. The bitcoin protocol sends your change back to you using the address it randomly generated for you. Now, this is were the issue begins. The bitcoin protocol is designed so that you, ‘the sender’ don’t need to wait for any confirmations in order to receive your change. Now imagine if you can send that ‘change’ you just got back from a transaction that isn’t confirmed yet (the whole transaction has 0 confirmations at this point) to someone else. So, you decide to send the ‘change’ you just got back (they appear to never have left your wallet) from a transaction (we’ll call A) that has 0 confirmations, and you get lucky enough that the new transaction (we’ll call B) gets one confirmation before the first transaction (A) does. That means that A gets invalidated and B gets sent through and validated. At the moment, the BTC blockchain is getting flooded with dust transactions 0.0000001BTC and such trying to exploit this issue.
Feel free to add to this explanation if i missed something. Cheers. 
If you want a more detailed explanation check this post out. http://bitcointalk.org/index.php?topic=460944.0
The way I read it is that when you create a transaction you get assigned the transaction ID. The malleability attack changes your transaction ID and your transaction gets confirmed with new ID. Then in turn you tell the sender based on the original transaction ID that you never got the coins and he/she resends. You do it over and over till you empty their wallet. And yes, all coins have the same issue as they are based on bitcoin, but the issue is a problem for custom wallets with large amounts of transactions, as the smaller ones can check the blockchain based on the receiver and senders address in addition to the TXID.