"A downside to being open to users creating and editing pages became apparent when a malicious party posted a seemingly helpful page on Wikipedia. The criminals then turned to massively spamming people to draw them to the page.As it turns out, not only the edited pages had to be removed, but also the archive because the attackers linked to one of those older pages.
Those spams were crafted to look like they had originated at Wikipedia, Heise Online reported. In the messages, a warning about a new version of a Windows virus called Lovesan/W32.Blaster claimed demand for a new patch was so great Microsoft's servers were overwhelmed.
The spam invited the recipient to visit a Wikipedia page about the virus. That page contained links to a domain, wikipedia-download.org, where the visitor could download the purported new patch. Contents of that download have not been identified, but likely contain some form of malware."
This serves as a good time to remind everyone that Microsoft does not send out e-mail notifications regarding patches nor are Microsoft patches hosted at other sites.