In this installment of Unsolved Cyber Mysteries, we dive deep into one of the most infamous worms in history—Code Red. Was it an experiment gone wrong or a carefully planned state-sponsored attack? This episode unravels the enigma that wreaked global havoc and brought top organizations to a grinding halt by exploiting vulnerabilities in Microsoft’s IIS software.

Code Red was a beast unlike any other we had seen before. It marked a shift in the threat landscape, demonstrating sophistication and purpose not seen in its predecessors. It wasn’t created out of benign curiosity; its code laid the foundation for future attacks.

Episode 3: Code Red

The worm’s name came from the then-new cherry-flavored Mountain Dew, which researchers Marc Maiffert and Ryan Permeh were drinking when they discovered it. More sinister speculation theorized that Code Red was retaliation for the Hainan Island incident, where an American intelligence aircraft and Chinese interceptor jet collided in mid-air, resulting in an international dispute between the United States and China.

Another theory circled the infamous coding group 29A and a member called Wintermute. Known for creating sophisticated worms, it wouldn’t have been beyond them to create something as complex as Code Red. However, the destructive nature of Code Red wasn’t in line with 29A’s usual creations, casting some doubt on this theory.

The attack’s origin also remains a topic of debate, with some pointing to Makati City, Philippines, and others to a university in Guangdong, China. Code Red’s code contained comments written in English, and its potential test environment was traced back to the Philippines. But without definitive evidence, we can only speculate.

Ultimately, the true origins and creators of Code Red remain shrouded in mystery. However, one thing is sure: it forever changed our understanding of the internet-connected world.

Love this series? Check out the Max Headroom signal hijacking incident or the WANK Worm.