1. Field of the Invention
Embodiments of the present invention generally relate to detecting data leakage, and, more particularly, to a method and apparatus that uses data tracking to detect data leakage.
2. Description of the Related Art
Information theft is a growing problem that costs consumers and businesses millions of dollars per year. Information theft includes identity theft, i.e., the use of another person's name and information associated with that name in an unauthorized manner. Associated information may include the person's social security number, credit card information, driver's license information, address information, and the like. Information theft also encompasses theft of computer information, such as a user's login name and password. Theft of such computer information often leads to identity theft, or to theft of other important information such as sensitive text files, email messages, instant messaging communications, or database files.
The perpetrators of information theft have created a new class of computer software known as “crimeware”. Crimeware is software that has no legitimate or legal purpose. Crimeware is purposely designed to intercept sensitive information entered into a computer by a user and transmit the information to an unauthorized recipient. Crimeware applications include key loggers and Trojan viruses designed specifically for this purpose. The crimeware application is capable of recording the user's keystrokes, storing the recorded information, and then transmitting the recorded information to the unauthorized recipient. Simple crimeware applications may take control of the user's email client and mail the recorded information to the unauthorized recipient. Other more sophisticated crimeware applications may transmit the recorded information through a dedicated network connection on the user's computer. Other crimeware applications may have their own mail server or FTP program built in so they can transmit the recorded information from any user's machine connected to a network. The varieties and types of crimeware applications are endless.
Currently, crimeware applications are detected in the same way a virus program is detected. Anti-crimeware software, which is also typically anti-virus software, scans the crimeware application file, generates a signature from its contents, and compares that signature against a set of signatures for known crimeware applications. If the generated signature matches a signature in the known group of signatures, then the crimeware application is detected and the anti-crimeware software can initiate an appropriate action. The appropriate action may include deleting the crimeware application, quarantining the crimeware application, or alerting the user to the presence of the crimeware application.
The current solution requires the anti-crimeware software to be updated with new signatures for each crimeware application in existence. In other words, if the anti-crimeware software does not include a signature for a particular crimeware application, the anti-crimeware software will not be able to detect or identify that particular crimeware application.
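The signature-matching workflow and its coverage gap described above can be shown in a short added example, which is not part of the original document. It assumes the signature is a SHA-256 digest of the whole file; the file names, sample bytes and detection names are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed, inert byte strings standing in for file contents.
FILES = {
    "listed_app.bin": b"CONSTRUCTED-SAMPLE-A inert placeholder",
    "unlisted_app.bin": b"CONSTRUCTED-SAMPLE-B inert placeholder",
    "report.txt": b"quarterly report draft",
}

def generate_signature(contents: bytes) -> str:
    # Assumption: the signature is a SHA-256 digest of the whole file.
    return hashlib.sha256(contents).hexdigest()

@dataclass
class Verdict:
    path: str
    detected: bool
    name: Optional[str]
    action: str  # "delete", "quarantine", "prompt" or "none"

def add_signature(db: dict, contents: bytes, name: str, action: str) -> None:
    # A signature update: the only way this design learns of a new application.
    db[generate_signature(contents)] = (name, action)

def scan(files: dict, db: dict) -> dict:
    results = {}
    for path, contents in files.items():
        hit = db.get(generate_signature(contents))
        if hit:
            results[path] = Verdict(path, True, hit[0], hit[1])
        else:
            # No matching signature: indistinguishable from a benign file.
            results[path] = Verdict(path, False, None, "none")
    return results

def demo():
    db = {}
    add_signature(db, FILES["listed_app.bin"], "Constructed.A", "quarantine")
    before = scan(FILES, db)  # unlisted_app.bin passes unnoticed
    add_signature(db, FILES["unlisted_app.bin"], "Constructed.B", "prompt")
    after = scan(FILES, db)   # detected only once its signature is shipped
    return before, after

if __name__ == "__main__":
    for label, res in zip(("before update", "after update"), demo()):
        for v in res.values():
            print(label, v)
```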
Thus, there is a need in the art for anti-crimeware software capable of detecting a crimeware application for which the anti-crimeware software does not have a signature. The anti-crimeware software should also be capable of substantially preventing leakage of sensitive information from a computer to an unauthorized recipient of the sensitive information.