Actually, I was hit by something similar via my Yahoo email account just a few weeks ago
I clicked on a link (in an email that I thought was valid) but did not verify the link first. Yeah , stupid I know.
It was an email from a friend and the subject matter appeared similar to what we'd been discussing recently.
I was signed into my email a/c at the time and the Javascript code on the site managed to access my Yahoo contacts and broadcast the same spam link to many of my contacts - including subscription list email addresses. Ticked me off no end.
I was using Opera 11.64 at the time and thought my Yahoo a/c had been hacked.
The IP sign-in logs in the Yahoo account had only my IP address - the last sign-in was the day before.

If anyone would like see the specific links, PM me.

Phishing target site at WOT:  http://www.mywot.com/en/scorecard/wa15news.net
Whois info : http://whois.domaintools.com/wa15news.net
This was one target site as well:  http://whois.domaintools.com/ca15news.net

Pity it was not caught by OpenDNS phishing checks.
Unfortunately, I also had Opera's Fraud and Malware Protection turned off (not any more though).

I currently use OpenDNS - just the generic filtering servers that restrict phishing, proxy sites etc.

K9 specifically met this criteria though  - I had success with it when I used to use it.

..I would like one that prompts for a password

Once installed, it's really not easy to bypass at all.