They did say this more than a week ago "DO NOT DOWNLOAD ANYTHING
If you receive ANY email which seems coming from Mt.Gox asking you to download something (certificate, generating program, etc), DO NOT DOWNLOAD. Do not either input your password on any site which is not MTGOX.COM."
The mail simply said to report back to them if this request was made fraudulently and listed the IP address of the guy who tried it => the one I posted in the OP.
Maybe someone could get an official comment and see whether
Mt.Gox@w001.mo.us.xta.net is a "proper" MtGox email address / domain or fake, too.