The way this works is that someone you know will send you a link to a web page... typically managed by something major. Like Yahoo.
The only problem is, it's not Yahoo. It's a page owned by someone else.
It realllly looks like Yahoo. If you log onto it (thinking it's Yahoo) the page will come back telling you that the server is down.
In the mean time, the Username/Password is now the possession of the people that put up the web page.
What will happen next is that an automated system will use your Username and Password to log onto Yahoo Messenger. It will promptly log you off and change your password. Next, it will send the same message you received with the Evil URL to people on your friends list.
This is to bait people on your behalf.
Recovering your account is a NIGHTMARE:
4/12/05 I am hacked
The hacking details
4/14/05 Seeking resolution
4/14/05 I go directly to the Yahoo Board of Directors
4/15/05 I win
So.. warning... it's out there. And good luck to AlSv... That's the account that has me on the buddy list that's been compromised sending to me.