Upload any Windows executable you like to a web server.
Set up the web server to send .exe files as text/html.
Post links to the file, cloaking them as http://firstname.lastname@example.org/virus/whatever via the previously announced URL cloaking bug.
Wait for anyone using Internet Explorer to click on the innocent-looking link and get asked if they want to open the HTML web page.
Cackle as their computer downloads the executable and runs it, without prompting them further.
Solution: Switch to Mozilla, or don’t click on “Open” to open files.