SANS ISC shares awareness of how some malware attackers use numerous advanced techniques to evade detection by AV & other security defenses.  This remote trojan attack has been disabled but illustrated dangers related to attachments & weblinks

https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/

The file was received as an attachment to a mail that pretended to be related to a purchase order. The file was called “P0-65774383__pdf.tar.lz”.  The double extension can be processed with lunzip on REMnux,  This is a strange way to deliver the payload because files with the extension ‘.lz’ are not supported by default on Windows systems. There is no tool associated with the extension.