I got one of these phone calls in my inbox literally as I was reading this. It's from someone that got the popup on nytimes.com,
covered on slashdot earlier.
The person's claim is that they knew better, but it looked a LOT like Vista UAC etc, and that he was using Firefox and the way it was scripted it was very hard not to run it. He said he actually brought up task manager, killed Firefox, and when he re-ran Firefox, the same exact thing happened so he thought it was some crazy new MS security thing and that he had some kind of infected Firefox, so he clicked ok on a dialog, was expecting it to allow him to save the EXE, but instead it downloaded it an ran it.
Not sure I believe that very last part, but I personally just verified the rest of it on another site installing the same malware, and wow yeah, it's really hard to just make this thing go away. Try closing the firefox tab, it brings up a popup that makes it hard to make a decision about what to do because of the way its worded, then I finally killed Firefox, and when I ran it next time, sure enough it brought the same page back up (I guess this is a feature of Firefox in case it crashed you can get right back to where you were) and I had to download the exe to get out of it without going into configuration files.