This little chap arrived in my spam box today, and almost got over-looked (I was checking the newest e-mails leading to the Blackhole exploit (one of which, couldn't decide if it was from LinkedIn or the FDIC)), and not surprisingly, is fake.
The Payload, all 593KB of it, infects the unwitting victim with the SpyEye trojan. VT detection is utterly rubbish of course - only 2 vendors detecting it.
Quite why Sophos is calling it Ropian, is puzzling.
The URL you're linked to, is on a FastHosts IP, and redirects to a different folder on the same server, to download the actual payload.
IP PTR: static77-68-16-117.live-dsl.net
ASN: 15418 184.108.40.206/17 FASTHOSTS-INTERNET Fasthosts Internet Ltd. Gloucester, UK
E-mail body (for those of us that use plain text)