More Worms: of the Virii kind

Slashdot has a tid-bit on a ZDnetAsia article involving Yahoo's webmail and a nasty little Javascript worm.  For starters, who the hell turned Javascript availability on in web based mail?  Thats just plain asking for something like this.

Anyway, seems the worm has a path for destruction, here is what many feel it is doing.  So be warned, oddly enough, Symantec is rating the threat as a "2" on their 1-5 scale.

1) Arrives on the compromised computer as an HTML email containing Javascript. The email may have the following characteristics:

From: Varies
Subject: New Graphic Site
Message body: Note: forwarded message attached.

2) Once the email is opened the worm exploits a vulnerability in the Yahoo email service to run a script.

3) Sends a copy of itself to certain email addresses gathered from the Yahoo email folders.

4) Targets email addresses from the @yahoo.com and @yahoogroups.com domains.

5) Contacts the following URL:

[http://]www.av3.net/index.htm

6) Sends a list of email addresses gathered to the above URL.