While this is certainly worth being aware of, I only see this as different from other web based vectors in the high profile nature of Wikipedia. I think there is am implicit assumption in the coverage of this that users would treat Wikipedia links differently than other web sites. Really, how is this any different than someone using a social network site to link to malware? Or any number of other content systems for which users can easily register?
I guess the malware authors assumed users would treat Wikipedia with more trust, even though there is no logical reason to do so. You ask me, trying to goad traffic into the malicious link via email tipped their hand. Regardless, I guess we still need to beat the drum of trust no one, for the cynically minded, or trust but verify, for the more charitable.