Users of Yahoo's webmail service beware, a new worm has been released into the wild that specifically targets people using that particular Yahoo service. The worm, called JS-Yamanner, is based on JavaScript and exploits a vulnerability in JavaScript that allows embedded scripts in mail messages to run unchecked. Once properly infected, the worm goes about its propagation by sending itself to all contacts on a Yahoo mail list, along with collecting a list of email addresses and calling home with a copy of them. It appears that only addresses ending in @yahoo.com or @yahoogroups.com are affected by this, though clearly it has the potential to go much further.
Until Yahoo patches their webmail software to properly check and block for these attacks, an updated virus scanner is as always suggested. Any machine on the Internet should always be kept up to date with security patches available for it.