Two researchers from the Institute for Cryptology and IT-Security have generated PostScript files with identical MD5-sums but entirely different (but meaningful!) content.
Ok, so this really is a pretty amazing demonstration of MD5 collision, as it uses two PostScript files (both available for download) which render two vastly different documents but both produce the same MD5 hash. Scary.
In this example, however, note that the files used are PostScript files, and as one commenter at Schneier’s page suggests:
The drawback of this attack is that the proof of bad intent lies within both documents. That is your “evil” content exists within the “innocent” document and vice versa, so that if the documented is opened in a text editor you can realize what is going on.
The overview by Magnus Daum and Stefan Lucks is very good and I highly recommend that you pull down their example files and see this firsthand.