A Malicious ".LZH" File Archive Compression Email Message
From: COURT ORDER firstname.lastname@example.org
Attachment: Court_Order.pdf (137 KB)
CASE_031952073.lzh (366 KB)
--- Notice to appear in Court #0368759073 ----
You are requested to appear in court on Monday the 27th of November 2018 at 10:00 AM.
Please, do not forget to bring all the documents related to this case.
Herein attached are the Court Order and other documents pertaining to this case.
ACE ID is: CASE#031952073
Note: The case will be heard by the judge in your absence (if you do not appear in court).
Clerk of Court.
The .LZH format is a compressed archive format similar to ZIP, the most popular file compression or archive format.
Cybercriminals usually store their malware in compressed files to help prevent antivirus software from detecting it. A malicious email attachment that is compressed may bypass the recipient's antivirus software.
What is a ".LZH" file?
LHA is a freeware compression utility and associated file format. It was created in 1988 by Haruyasu Yoshizaki, and originally named LHarc. A complete rewrite of LHarc, tentatively named LHx, was eventually released as LH. It was then renamed to LHA to avoid conflicting with the then-new MS-DOS 5.0 LH command.
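As a mail-gateway check for the kind of attachment described above, the following added example (not part of the original alert) recognises LHA/LZH archives by the method ID in the member header rather than by file name, and lists the member names. It assumes level-0 or level-1 headers with the name in the basic header; `RISKY_EXT`, the function names and the sample message are constructed for illustration.

```python
import re
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

# Every LHA/LZH member header carries a method ID such as "-lh5-" at offset 2.
LHA_METHOD = re.compile(rb"-l(h[0-7d]|z[s45])-")
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".com", ".pif")  # assumed policy

def is_lha(data):
    return len(data) >= 22 and LHA_METHOD.fullmatch(data[2:7]) is not None

def lha_members(data):
    """Return (method, name) per member for level-0/1 headers."""
    members, pos = [], 0
    while is_lha(data[pos:]):
        hdr_size, level, name_len = data[pos], data[pos + 20], data[pos + 21]
        if level > 1:
            break  # level-2 layout differs; is_lha() still flags the archive
        skip = struct.unpack_from("<I", data, pos + 7)[0]  # bytes up to next header
        name = data[pos + 22:pos + 22 + name_len].decode("latin-1")
        members.append((data[pos + 2:pos + 7].decode("ascii"), name))
        pos += 2 + hdr_size + skip
    return members

def scan_message(raw):
    """Flag attachments that are LHA archives by content, whatever their name."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        body = b"" if part.is_multipart() else (part.get_payload(decode=True) or b"")
        if is_lha(body):
            names = [n for _, n in lha_members(body)]
            risky = [n for n in names if n.lower().endswith(RISKY_EXT)]
            findings.append({"attachment": part.get_filename(), "members": names, "risky": risky})
    return findings

def build_sample():
    """Constructed input: mail with a one-member, level-0, stored (-lh0-) archive."""
    name, payload = b"sample_document.pdf.exe", b"constructed placeholder bytes"
    body = (b"-lh0-" + struct.pack("<IIIBBB", len(payload), len(payload), 0, 0x20, 0, len(name))
            + name + b"\x00\x00")  # trailing two bytes: CRC-16 field, not checked here
    archive = bytes([len(body), sum(body) & 0xFF]) + body + payload + b"\x00"
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(archive, maintype="application", subtype="octet-stream", filename="notice.dat")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The sample attachment is named `notice.dat` to show that the check keys on content, so renaming the archive does not hide it from the scan.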