I am currently unable to post any comments anywhere on Quora. It seems moderation has suspended my commenting privileges. Buckle up, the reason is a wild ride.
In the past few months, I’ve noticed more and more often that Quora is being used as a platform for malware distributors to ply their wares. I’m increasingly often seeing spam on Quora that doesn’t go to shady pharmacy sites or dodgy penis-pill mongers, but to sites that redirect, often through multiple intermediaries, to malware.
A while back, I found a Quora “SEO spammer” whose spam posts go to a site that, thanks to a malicious JavaScript, redirects to malware. It’s not a consistent redirection; sometimes it shows a banner ad from a shady ad platform, sometimes it tries to drop malware disguised as phony antivirus software.
The ads are posted by Quora user Anafmadi20, who uses a URL shortener to disguise the destination of the ads he posts. The URL shortener redirects to a Google Sites site (which is now down; I filed a report with Google, which terminated the Google Site) that then redirected to a traffic handler that redirected to a site with the malicious JavaScript. This is one of this posts:
The link on this site leads to a terminated Google Sites page, but before his Google Sites account was terminated, it led through several intermediaries here:
Now, I’ve reported all of Anafmadi20’s content for spam, and Quora deleted some of it but allowed him to continue posting more. So, after posting the malware distributor for spam, I also posted a comment warning others not to click on the link because it goes to malware.
Apparently Quora moderation decided that comment was spam, so I’m now unable to post comments at all (even on my own answers).
This isn’t an isolated instance, by the way. There are multiple Quora users who are posting malware links; in fact, on the BlackHatWorld forum[1], an online forum catering to spammers, con artists, scammers, and malware distributors, there is an entire tutorial on how to use Quora to do this. (Yes, I’m serious.)
Quora is one of the favored black hat spam and malware distributors, thanks to a combination of weak technical defenses against spam, permissiveness toward repeat abusers, poor mechanisms to spot serial abusers, and weak moderation.
How embarrassing.
Anyway, there are organized rings for malware distribution operating on Quora.
For example, the History Hist spam gang. These are a group of people who post spam answers copy-pasted from other sites and run through ChatGPT to change the wording slightly, on various topics pertaining to history, often WWII. The things this spam group posts are often wildly inaccurate (that creates engagement in the comments, which feeds Quora’s distribution algorithm), and end in a link that says (Read Full).
The (Read Full) link goes to a Quora space called “History Hist” that then has links blog filled with answers copy-pasted from Quora. The blog site has rigged JavaScripts that display ads and sometimes redirect to malware downloaders.
I have, of course, reported the accounts and posts used by this spam and malware ring, and Quora has, of course, failed to act; the links continue to remain active. (See reference to “weak moderation” above.)
Not all of the History Hist posts have links. This is straight out of the BlackHatWorld tutorial: effective Quora spamming is done by posting content, often with deliberate errors on a subject people feel passionately about, to generate engagement.
Then, after people have started commenting, and the Quora algorithm has started putting the content into wider distribution, edit the content to add the rigged link.
So. Apparently Quora is, if not okay with this, at least tacitly tolerates it.
Why am I writing this?
Two reasons:
- I won’t be posting comments any more, apparently. I’m not ignoring you lovely people.
- Be very very very careful about any link you click on Quora. Quora has long been filled with spam, but it’s now getting increasingly dangerous as well. I strongly advise not clicking on Quora links unless you’re quite careful and you know what you’re doing.
1. Yes, I read BlackHatWorld, for much the same reason I read incel dot es and other incel forums—it’s nice to keep up with what the shitty people are doing. I’m not linking to the tutorial.