That didn't take long at all.
So, I got a notification from corporate security that there was a piece of malware around that it taking advantage of the popularity of Mandiant's APT1 report. That's a huge deal, but one should really be checking downloads against Mandiant's posted MD5s anyways.
Bottom-line: do not open it (verifiy the PDF if you can...if you can't don't open it).
I've reported it to ISC.