Microsoft tackles Hotmail hackers and boosts password security

Microsoft has rolled out new Hotmail features designed to make it easier to report suspected hacked accounts and encourage the use of stronger passwords.

The first is an additional tab on the drop down menu which allows users to choose 'Phishing scam' or 'My friend's been hacked' if they suspect that an account has been compromised and used to send spam.

Hotmail group programme manager Dick Craddock explained in a blog post that Microsoft's "compromise detection system" is always running in the background to detect unusual behaviour.

"When we detect bad behaviour from an account (like an account that suddenly starts sending spam), we mark that account as compromised. It's a bit like your credit card company putting a hold on your account when they detect suspicious activity," he said.

"When you report that your friend's account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked."

Craddock also explained that the Hotmail team had built new functionality preventing people from choosing weak passwords when they sign up or change passwords on their account, making it harder for criminals to guess the log-in credentials.

The update was welcomed by security researchers.

"What will be interesting to see is how attackers respond to this move, especially if other providers copy Hotmail. It will force attackers to use a different approach to how they spam from a compromised account," said Trend Micro senior threat researcher Robert McArdle.

"Obviously this is a game of cat-and-mouse, the security industry gaining an upper hand for some time before the balance flips back and forth between the two."