Understanding the Direct Action Virus
Any user who has ever been infected can tell you that computer viruses are very real. These programs are typically distributed from host to host via email or a website that has been compromised. Some are even attached to legitimate files and unknowingly executed by a user when they launch a particular program. A virus is much more than the commonly perceived malicious code that functions with the intent to destroy. They are classified by type, origin, location, files infected and degree of damage. These common attributes are relative to most and all can have an adverse effect on your operating system.
While there are many different types of viruses, many of them are generally classified as file infectors. This type of virus is known for attaching itself to specific files in an operating system. It usually infects files with EXE. (execution) or COM. (command) extensions, though some may corrupt extensions used for interpretation such as SYS, OBJ, SYS, PRG and BAT files. More sophisticated variants are able to infect source code files by inserting a malicious code into a system's C language file, replicating the infected function in any execution produced from the corrupt source files.
A file infector can be either a resident virus or direct action virus. A resident virus will install itself and hide somewhere in the memory of your computer. Upon execution, it seeks out other files or programs to infect. The direct action virus is considered to be "non-resident" and functions by selecting one or more files to infect each time the code is executed.
The primary intentions of a direct action virus is replication and to spread infection whenever the code is executed. When certain conditions have been met, the virus is set into action and begins to infect files in the directory or folder it's located in. It also infects those in directories attached with the AUTOEXEC.BAT file path. This extension represents a batch file which is always found in the root directory of your hard drive, responsible for performing certain operations when the computer is booted up.
One of the earliest detections of a direct action virus was the Rugrat, more commonly known as Win64.Rugrat. This virus was said to the first infection written in the Intel Itanium instruction set. This limited the infection to only run on Itanium-based computers as it was only capable of infecting Itanium executable files. Upon execution, the virus attempted to infect all 64-bit executables in the directory from which it launched and any subdirectories.
In most cases, a direct action virus will not delete your system files or falter the overall performance of your computer. It can however, prevent access to particular applications and files. Because this type of infection has minimal impact on the victim, most viruses these days are of a resident nature and capable of inflicting much more damage.
The best defense against any type of infection is a virus scanner that will not only detect a threat, but eradicate it as well. Direct action viruses are easy to spot and the infected files can be fully restored to their original condition.