A network is probably the easiest way for anything malicious to access your virtualized environment, as explained here. If you plan on downloading from the virtual machine, you will likely be using a bridged connection. As soon as you use this, your virtualized hardware can be seen on the network. If you can be seen by other nodes, you are vulnerable to anything gaining access to your network. I'd suggest downloading the files and analysis tools first (anti-virus programs, process explorer, etc), then turning off your virtual machines network connection prior to testing anything. You can never be too safe.
As for putting it on different drives, it can increase your security if the malware coder wasn't very smart, but it's easy to find other available drives via the Win32 API function GetLogicalDriveStrings.