To help you determine whether a particular alert is worthy of Chicken Little or is truly dangerous, here are translations for some of the most common threat terms.
Drive-by download: A big one. If a program or operating system bug allows drive-by contamination, your PC can become infected with malware if you simply view a malicious Web site. You don’t have to download anything or click any links on the poisoned page.
User interaction required: You might think that you’d have to download a file or open an attachment to get hit by an attack described in this way. But experts often apply the term to simply clicking a link that will deliver you to a page containing a drive-by download.
Zero-day: Potentially major, but not always. This term most commonly refers to a flaw (and perhaps an attack exploiting it) that surfaces before a fix is available. If the attack is ongoing (see “in the wild”), watch out. But many alerts or stories play up zero-day flaws that aren’t being hit and may never be; see the next entry.
Proof-of-concept: A flaw or attack that researchers have discovered but that bad guys have yet to exploit. If the alert says something like “proof-of-concept code has been released,” crooks are very likely to create a real attack with that sample. But many evil-sounding proof-of-concept attacks never get weaponized.
In the wild: The opposite of proof-of-concept. When an exploit or malware is in the wild, digital desperados are actively using it. If the term is being used to describe attacks against a software flaw, make sure that you have installed the application’s latest patches.
Remote code execution: This kind of flaw allows an attacker to run any command on the victim’s computer, such as installing remote-control software that can effectively take over a PC. Holes of this type are dangerous, so take notice when you hear of one.
Denial of service: Not so bad. This term usually describes an attack that can crash a vulnerable program or computer (thereby denying you its service) but can’t install malware. Occasionally, however, crooks figure out how to transform a denial-of-service flaw into a concerted attack that allows remote code execution.
Of course, your best bet is to apply security patches as they’re released, whether to fix a proof-of-concept denial-of-service flaw (yawn) or to address an urgent zero-day drive-by download threat.