Because the transactions will not be accepted by bitcoin nodes. Invalid transactions are discarded and not relayed to other clients, just as when someone send your client some random data. It may even disconnect the other node and blacklist it. (The MtGox transactions were not invalid enough to warrant a blacklist, just non-standard so normal bitcoin nodes won't accept or relay them, but will accept them if mined in a block by someone else.)
I can only barely understand the technical details of the paper, I must admit that. But if what your are saying is correct, how could thexy detect the TM after the media impact, if their algorithms were based on rejecting nodes? That i do not understand.
There are different ways to mutate a transaction. The "researchers" detected one special kind where both versions of the transaction were standard. Just an opcode changed to another with the same function. The vulnerable MtGox transactions were of a different kind and non-standard since 0.8, so they could only detect the version which was confirmed. Not the original from MtGox.
However, when it should turn out, that the paper is plain wrong, there is still a huge doubt about the purpordedtly loss of ALL BITCOINS by means of this "bug". The simple difference is, that we do not a have a proof yet.
I think at least 1257 BTC, and probably not much more, were lost through the malleability bug. Based on the fact that there were 1257 BTC in double spent inputs in the last full bitcoin_tx.php I could get hold of before they shut down. MtGox wouldn't detect the fact that the inputs were spent when the transaction got a new txid, and try to spend them again in another transaction.
Still there is one thing to check, in my opinion. The authors claimed that they could fit their recorded data to the database-data from Mt.Gox. That should be done before rejecting their work as "wrong", shouldnt it?
A few of MtGox's transactions may have been mutated this way as well. It is certainly an exception.
