Mal/Daymay-A is a malicious program for the Windows platform.
Detection for members of Mal/Daymay-A is behavior based. It is extremely important that customers report detections of Mal/Daymay-A to Sophos and send a sample for analysis.
The main purpose of Mal/Daymay-A is to participate as a node in a network of bots sending spam.
Members of Mal/Daymay-A set the following Registry entry to modify internet security:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
\StandardProfile\AuthorizedApplications\List
<pathname of the worm executable>
<Current Folder>\<original filename>:*:Enabled:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
\StandardProfile\IcmpSettings
AllowInboundEchoRequest
1