It's pretty obvious that you don't understand.
FBI -> Gave URL of fake article to suspect.
Suspect -> Clicked on URL.
Web server hosting fake article logged IP address of requester , then sent article to suspect using the IP that was just logged.
Note: ANY WEB SERVER WOULD HAVE DONE THE EXACT SAME THING. The FBI agent could have sent the URL of a real news article and on the log of that web server, the suspect's IP address would have been recorded. However, there would also have been a lot of other IP addresses recorded as well from other people who also looked at the news article rendering the issue into a needle in a pile needles search. The advantage of the fake article is that the only person who would request that article would be the suspect since the general public would have been unaware of the article and the URL to said article. No malware involved. Just a normal everyday web server with an URL known only to the FBI and given to the suspect. Suspect tricked into accessing the page and thereby giving his IP address to the FBI. They could have even make it so the web page didn't exist and having a 404 error sent back to the suspect. It would have had the exact same effect, but might have made the suspect cautious or aware that something unusual was going on.