Yahoo has patched a bug that was letting attackers hijack systems through a flaw in the portal's free Web-based email service.
According to the SANS Institute's Internet Storm Watch, there were actually two variants circulating.
"The release of a new version barely two hours after we started our analysis which partially fixes the first version indicates that the code is very much under development and you should assume that the remaining bugs will be rapidly ironed out," wrote ISW analyst Arrigo Triulzi in an online alert.
However, by Monday afternoon Yahoo said that it had plugged the hole, but was vague about the steps it had taken.
"Yahoo detected a worm on Monday morning which impacted a very small fraction of Yahoo Mail users," spokesperson Kelley Podboy said in an email to TechWeb. "We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo Mail customers, and requires no additional action on the part of the user."
Yahoo Mail is the leading free Web-based mail service, with a reported 200 million accounts.
UKFast is not responsible for the content of external Internet sites.