An email promising racy pictures of teenage Russian pop group Tatu is, yes, a new Trojan.

Sophos has warned about clicking on the malicious attachment. The Banito-BE Trojan horse, according to Sophos, has been sent out to email addresses around the world promising intimate information on the duo, best known for their schoolgirl outfits and sexually charged performances.

The email has three files attached, one of which is a malicious file that could give hackers access to PCs, Sophos says. TATU.CHM is a malicious compressed HTML help file, which offers an album of images but also opens up the PC to malicious activity. Sophos says the potential harm of such files includes data and ultimately financial theft.

"This Trojan exploits the still widespread interest in the Sapphic school uniform-wearing pop duo's personal life, in order to log computer keystrokes, hijack users PCs and steal information," said Graham Cluley, senior technology consultant at Sophos, in a media alert on the security threat. The company also notes that the discovery of the Trojan coincides with the release of a 20-song Tatu retrospective earlier this month.

To avoid infection, email users should not click on the attachment and IT departments should implement email gateways to protect their PCs in a consolidated manner, Sophos recommends.

Other Trojan horses have exploited public interest in celebrities such as Halle Berry, Anna Kournikova, Jennifer Lopez and Britney Spears, who last year was ranked the top virus celebrity. "This celebrity-related malware has not been designed for mischief-making - its purpose is financial gain," added Cluley.