转载:http://www.itwire.com.au/content/view/4613/53/
Symantec has identified a new JavaScript worm that exploits a vulnerability in Yahoo's web-based email to infect users' machines when they merely open an email message - without even opening an attachment. The JS.Yamanner@m worm spreads itself to the user's Yahoo email contacts, but only those with @yahoo.com or @yahoogroups.com are affected.
There is not patch yet, and users should block emails sent from av3[at]yahoo.com. If users open an infected e-mail, their browser window is redirected to http://www.av3.net/index.htm. Symantec has categorized worm as a relatively low Level 2 threat.