The LZH File Archive Compression Malicious Email Attachments

A Malicious ".LZH" File Archive Compression Email Message

From: COURT ORDER legal@highcourt.com.au

Attachment: Court_Order.pdf (137 KB)

CASE_031952073.lzh (366 KB)

--- Notice to appear in Court #0368759073 ----

You are requested to appear in court on Monday the 27th of November 2018 at 10:00 AM.

Please, do not forget to bring all the documents related to this case.

Herein attached are the Court Order and other documents pertaining to this case.

ACE ID is: CASE#031952073

Note: The case will be heard by the judge in your absence (if you do not appear in court).

Yours faithfully,

Jane Schmitt,

Clerk of Court.

The .LZH compression is similar to ZIP which is the most popular file compression or archive formats.

Cybercriminals usually store their malware in compressed files to help prevent antivirus software from detecting them. In other words, they do it because the compressed malicious email attachments may bypass the recipients' antivirus software.

What is a ".LZH" file?

LHA is a freeware compression utility and associated file format. It was created in 1988 by Haruyasu Yoshizaki, and originally named LHarc. A complete rewrite of LHarc, tentatively named LHx, was eventually released as LH. It was then renamed to LHA to avoid conflicting with the then-new MS-DOS 5.0 LH command.

Check the comment section for additional information, or share what you know or ask a question about this article, by clicking the 'View or Write Comment' button below.

Note: Some of the information in samples on this website may have been impersonated or spoofed.