1. Change your password!!!!!! While at it, also update your security questions and make your secondary email contact other than Yahoo-> use Google's gmail. When you change your password, Yahoo re-encrypts your session cookie based off that new password. Since the hackers still have your old cookie and with your password not changed, they still can send out emails without you knowing.
2. Do not click on emails that you do not know or go to websites that have these scripts that will steal your current cookies to access your accounts. How do you know if they have these scripts? You don't. That's why you don't open them. If you do click on them, you will need to change your password again.
3. Do a virus scan just in case but most likely they will NOT show up since it is NOT a worm/virus for your case. But, do a scan just in case to eliminate that possibility.
4. You can try to contact Yahoo, but like many have said, they won't do anything.
5. Always log out of your email when finished and never click on "Keep me logged in" check box to clear out the cookie
6. Make it a habit to CLEAN out your web browser cookies, since ANY site can have these security exploits without you knowing!!!!!
7. Export your contact list as a backup since some hackers are getting bolder and will delete all of them.
I did all these steps above and the emails have stop going out.
To Yahoo engineers/staff reading this: You should consider encrypting the current IP address within the cookie to ensure that whoever is using it, IS AT the current IP address and if not have the person re-log in with their ID and password to gain access.
If I told you the technical term for this Security exploit, more people would Google it and abuse it. Therefore I won't.