What you are talking about is called a Blended Threat. It's not actually new. Klez was a mass mailing virus that dropped the Elkern worm which was network aware. That's a bummer if it gets into you corporate network.... It only takes one fool to trash a network for weeks.

The difference here is that the vector, (the email), doesn't carry it's own payload... it gets it by download from somewhere else. Technically this isn't a worm, it's a mass mailing virus. There isn't any indication of worm like behaviour whatsoever. The issue with it is that the AV scanners cannot determine the malicious intent or not of the remote url without reprogramming to download the remote page and scan that for malicious intent.

It's simply a new twist on an old concept.... A mass mailing virus..... This one just avoids the AV scanner by intelligent use of a flaw in IE.....