Important: This is not like the old PDF exploits where the code would run when the file was viewed. This is instead a form of obfuscation where the compromised DLL has been concatenated with a valid PNG file. PNG readers will simply display the file normally; they are oblivious to the DLL code. The Graftor trojan, if it is already in your system, will try to download the PNG and, if antivirus/network filtering does not stop it from a successful download, will use the DLL that came bundled with the PNG.
So if I read this correctly, the idea is that the PNG fetch looks innocuous to traffic scanners but the fetcher code executes the included DLL? The PNG rendering code in the browser would just discard those bits.
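A defender-side check for the layout described in this thread, added here as an example and not code from the original posts: it walks the PNG chunks to IEND and reports any bytes that follow, flagging a trailer that starts with a PE (MZ) header. It assumes the DLL is appended unencoded after IEND, which the thread does not specify; the function names and sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def png_end_offset(buf: bytes) -> int:
    """Return the offset just past IEND; raise ValueError if the PNG is malformed."""
    if not buf.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(buf):
        (length,) = struct.unpack_from(">I", buf, pos)
        end = pos + 12 + length          # 4 length + 4 type + data + 4 CRC
        if end > len(buf):
            raise ValueError("truncated chunk")
        (crc,) = struct.unpack_from(">I", buf, end - 4)
        if crc != zlib.crc32(buf[pos + 4:end - 4]):
            raise ValueError("bad CRC")
        if buf[pos + 4:pos + 8] == b"IEND":
            return end
        pos = end
    raise ValueError("no IEND chunk")

def looks_like_pe(data: bytes) -> bool:
    """True if data starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def inspect_png(buf: bytes) -> dict:
    """Report how many bytes follow IEND and whether they look like a PE image."""
    trailer = buf[png_end_offset(buf):]
    return {"trailing_bytes": len(trailer), "pe_trailer": looks_like_pe(trailer)}

# Constructed samples: a 1x1 grayscale PNG and an inert stub carrying only PE magic values.
CLEAN_PNG = (PNG_SIG
             + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + chunk(b"IDAT", zlib.compress(b"\x00\x00"))
             + chunk(b"IEND", b""))
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"

if __name__ == "__main__":
    print(inspect_png(CLEAN_PNG))
    print(inspect_png(CLEAN_PNG + FAKE_PE))
```

Any non-zero `trailing_bytes` on an image pulled from the network is worth a look even when `pe_trailer` is false, since an encoded or encrypted payload would not carry the MZ magic.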