New Virus & Social Engineering E-mail


moxnix
January 21st, 2004, 07:31 PM
This morning, as I was checking my E-mail in the various accounts I maintain, I found what I believe to be a real nasty. It was in a yahoo mail account, and neither the Norton that yahoo uses nor my CA antivirus software tripped to it (but to be fair I never even tried to open it).
The social engineering is what is going to make this a nasty one.

*** yahoo.com 's accounting dpt notice ***
Internet Billing Notice
Please press "open" and read the attached Billing Notice.

Note if you do not read this withing 24 hours we at yahoo.com regret we will have to terminate internet service. (Notice the spelling errors)

The attachment has a .hta file extension which should trip some triggers, but probably won't.
I have notified yahoo of the existence of this, but have not heard anything back from them so far.
If anyone wants to play with this and see what makes it tick, PM me your e-mail addy and I will forward it to you intact.
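
A gateway-side check for the kind of attachment described in the post above, as an added example that is not part of the original thread. It decides on the attachment's filename extension rather than its declared MIME type; the blocklist, the sample message, its addresses and the attachment filename are all constructed for illustration.

```python
import os
from email import message_from_string, policy

# Assumed blocklist of Windows script/executable extensions (not from the thread).
RISKY_EXTENSIONS = {".hta", ".exe", ".scr", ".pif", ".vbs", ".js", ".bat", ".cmd", ".com"}

def risky_extension(filename):
    """Return the lower-cased final extension if it is on the blocklist, else None."""
    # Windows ignores trailing dots and spaces, so "notice.hta. " still opens as an HTA.
    cleaned = filename.strip().rstrip(". ").lower()
    ext = os.path.splitext(cleaned)[1]  # last extension wins: "a.txt.hta" -> ".hta"
    return ext if ext in RISKY_EXTENSIONS else None

def risky_attachments(raw_message):
    """Return (filename, extension) for every MIME part with a blocklisted name."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition filename, else Content-Type name
        # The declared Content-Type is sender-controlled, so it is deliberately not trusted.
        ext = risky_extension(name) if name else None
        if ext:
            findings.append((name, ext))
    return findings

# Constructed sample modelled on the message quoted in the post; not the real e-mail.
SAMPLE = """\
From: "yahoo.com accounting" <billing@example.invalid>
To: user@example.invalid
Subject: Internet Billing Notice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Please press "open" and read the attached Billing Notice.
--BOUND
Content-Type: text/plain; name="billing_notice.txt.hta"
Content-Disposition: attachment; filename="billing_notice.txt.hta"

(constructed placeholder body)
--BOUND--
"""

if __name__ == "__main__":
    print(risky_attachments(SAMPLE))
```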

MrLinus
January 21st, 2004, 07:36 PM
Oh yay. Yet another phish going on. You know, I think these will be the new big thing this year, not worms.

It's too easy.

moxnix
January 22nd, 2004, 02:00 AM
I got an answer back from yahoo on this. I guess they don't care if someone is spoofing their name to send virus with.
All it said was.....hell read it yourselves:
Hello,

Thank you for writing to Yahoo! Mail.

Email messages themselves cannot contain viruses, however the files that
are attached to messages can. Yahoo! Mail provides free scanning of all
inbound and outbound attachments to all users who access incoming mail
through the web interface.

If a file that you are attaching to your email to send to someone else
has a virus, your computer may be infected. The Norton AntiVirus system
on Yahoo! Mail may be able to clean the file you are sending out, but
it won't be able to clean your computer. If you wish to purchase Norton
AntiVirus to protect your computer, click on the Norton AntiVirus logo
in the scan results page or the attachments.

This virus scanner may not be able to detect or repair all viruses and
variants. Please be aware that there is a risk involved whenever
downloading email attachments to your computer or sending email
attachments to others. As stated in the Yahoo! Terms of Service, neither
Yahoo! nor its licensors are responsible for any damages caused by your
decision to do so. The Yahoo! Mail team recommends that you never
download documents from an unknown source.

Yahoo! Mail is a web-based email system. Your email messages, address
book and other account information are stored on Yahoo!'s servers,
rather than on your computer. Because of this, simply viewing your
Yahoo! Mail email messages does not make your computer vulnerable to
computer viruses.

In addition, attachments sent along with email are not a threat to your
system if you do not download them. However, if you choose to download
an attachment by either opening it or saving it to your computer, your
computer does then become vulnerable to computer viruses (The same is
true of all files you download to your computer, whether email
attachments or not.).

For this reason, we recommend that you do not download attachments or
other files from any source that you do not know and trust. When you
receive an attachment that we can scan, you will be given the
opportunity to "Scan with Norton Antivirus" or "Download without
Scanning". As a further precaution, we recommend that you choose to scan
your attachments whenever this option is available. Following these two
suggestions will greatly reduce your likelihood of experiencing trouble
from computer viruses.

If you believe you have a virus on your system, we recommend that you
install an anti-virus program and contact your computer's user support
group for assistance.

Thank you again for contacting Yahoo! Customer Care.

Regards,

Yahoo! Customer Care
I sent them a reply to the effect of -- If you don't care then I certainly don't.

Und3ertak3r
January 22nd, 2004, 12:37 PM
hmm standard robot reply, it saw the key word virus.. so that was the reply it sent you..
Had similar problem with Trend Micro..
try another message.. and don't use the word virus.. try something like "Fraudulent use of Yahoo name in correspondence" (Spelling?).. When the robot thinks(?) the message is relevant enough.. it may get passed on to a human..

cheers