
The emails have three files attached. Tatu_1.jpg and Tatu_2.jpg are promotional images, but Tatu.chm is a malicious file which could give hackers access to the user's PC.
Sophos warned that the trojan could bypass security precautions at many company firewalls and email gateways as it uses the less well-known *.chm extension.
Tatu's lesbian-leaning onstage antics appear to have caught the imagination of adolescents, according to the security firm.
"This trojan exploits the still widespread interest in the Sapphic school uniform-wearing pop duo's personal life in order to log computer keystrokes, hijack users' PCs and steal information," said Graham Cluley, senior technology consultant at Sophos.
Sophos also noted a coincidence between the release of the email into the wild and a forthcoming CD retrospective of the group.
The malware is not the first time that entertainment industry celebrities have been exploited by cyber-criminals to spread viral loads.
Halle Berry, Julia Roberts, Jennifer Lopez and Britney Spears have all been used in the past to entice unwitting PC users into virally-compromising situations.