Hitman Pro writeup about the Yahoo malvertizing incident
It's an excellent write-up, and worth a read:
Lessons for the layman: keep all software on your computer up to date and get rid of Java (you know, the stuff that runs java applets). Run antivirus and keep it up to date (but remember, antivirus is more reactive than proactive and may not catch the really new stuff).
Make no mistake, Yahoo are the victims here as much as those people who are left with infected computers. If you are a publisher or in ad-ops, do what you can to avoid the miscreants: http://www.anti-malvertising.com/