-
Unexpected Sales tool
So my biz partner goes to her usual group meeting this morning and instead of running her presentation on what my company offers she instead decided to educate the group about Conficker...
Well, long story short now the entire mass is quite freaked out and wondering what to do about it and my phone for the first time in weeks is ringing...
Who isn't above a little scare tactics to drum up business when things are short eh?
Anyway, thanks to...
http://forums.untangle.com/showthread.php?t=7393
I can now pitch Untangle to these people because I have a "magic bullet" with the UT in place to detect the presence of that bug specifically. And in so doing harden their networks further against threats like this in the future.
However, if I manage to get a positive response from the market using this tactic, can we get regular updates like this into the UT product? When those newsworthy worms pop up it would be helpful for the existing UT customer base to know that they are being watched on a proactive basis, on a network level.
I think it does a great job of highlighting the service behind the Untangle product, which honestly is the only way I've been able to pitch this thing. And it would help to add some brand recognition into the system later.
-
I've always said, if you yell "The sky is falling" loud enough everyone in your immediate area will hear, and 1 or 2 might look up. ;)
-
The biggest thing with Conficker is the lack of patching...
-
Yes, and the idea is to get the customer to let me do a network maintenance to get all the boxes patched, but while I'm at it I may as well pitch in a UT to help with this issue in a more global sense.
If panic is the tool I need to use to get in the front door so they will let me care for things sanely...
Still, I'm thinking that developing a SQL query that can hit the UT database to check the traffic logs for signs of common nasties would be quite nice.
-
The problem on the Conficker query is it also shows legit updates to things like checkip.dyndns.org which, if you're running the service, trips that posted query. A detailed report showed me that it was the dyndns.org, then I checked the IP and remembered that it was running the updater too. Need a more detailed query to show the username such that it may not cause unnecessary panic.
The emergingthreats Snort rule updates I wrote has been handy as it's flagged a couple zero-day hits already at clients. It does take a bit of tweaking though, as it also shuts down, in default mode, a number of common https order sites, banking, hotmail and p2p stuff, not all a bad thing unless you really want to use them. Took a couple weeks to get through everything I wanted.
Dave