1. tardus's Avatar
    Last night and this morning my LG G4 with Marshmallow downloaded the file "xdm_iframe.bin" - both times I deleted it from the download folder.
    Any idea what this file is?.
    02-17-2016 07:25 AM
  2. Tim Connor's Avatar
    I have the same issue on my HTC One M8. Seems like no one has an answer.
    02-17-2016 07:57 AM
  3. JimSmith94's Avatar
    I also got it this morning on my Nexus 6. There are a few more details and a listing of the file here: https://community.verizonwireless.com/thread/904211

    My code reading skills are pretty rusty, but it looks to me like it's executing remote scripts, so I deleted it. If you don't know, it will be in your Download folder, in my case /sdcard/Download.
    02-17-2016 09:45 AM
  4. katesbb's Avatar
    Same thing happened to me last night on my Verizon 2014 Moto X with Lollipop. Never saw it before. Not sure which app downloaded it.

    I can't quite figure out what the script is supposed to do, but the code seems to be too nicely commented to be malware. Though I suppose malware authors can be disciplined coders too

    UPDATE: Also happens when clicking on a CNN tweet to open a CNN news story. Tries to download from z.cdn.turner.com when using FIreFox on Windows 7.
    tardus likes this.
    02-17-2016 12:00 PM
  5. tardus's Avatar
    Same thing happened to me last night on my Verizon 2014 Moto X with Lollipop. Never saw it before. Not sure which app downloaded it.

    I can't quite figure out what the script is supposed to do, but the code seems to be too nicely commented to be malware. Though I suppose malware authors can be disciplined coders too

    UPDATE: Also happens when clicking on a CNN tweet to open a CNN news story. Tries to download from z.cdn.turner.com when using FIreFox on Windows 7.
    I was on CNN too. I think that's the culprit. Good to know not a Marshmallow issue since you'r on Lollipop.
    02-17-2016 12:42 PM
  6. Toltepeceno Delsur's Avatar
    I do not have it so it may be a cnn thing as I do not go to cnn.
    02-17-2016 12:45 PM
  7. Cody Barnyak's Avatar
    This just happened to me. The same file downloaded after clicking a CNN link from Google Now.
    02-17-2016 11:15 PM
  8. Eric Payne's Avatar
    Has anyone figured out what would possess CNN to be doing this?
    I guess this makes be the latest...ummm...bug eater?
    For those who don't know... a .bin file is a binary file. Typically, they are viewed using hex editors. If a text editor like notepad.exe is use to view a .bin file, usually, it's unreadable and wont look like anything familiar.
    I used a html editor to view it and, I agree with katesbb. It does look pretty clean but, .bin files typically do some pretty heavy lifting! They're often use for flashing BIOS firmware on your computer and, by default, they want to be burned to a disk when clicked. That's to make it ready for a BIOS flash. It's not a project for the feint of heart! You could seriously turn your computer into a brick if you're not careful or flash the wrong firmware!
    Knowing all of that raises a couple questions for me...
    1) Why would CNN glitch in such a shady manner? Auto-downloading suspicious files n' such?
    But what I really want to know is...
    2) Does anybody else specifically recall never searching for CNN or clicking any CNN links?
    I know I never did! It was an accident when I opened my browser and, I know for a fact that the CNN page I've never viewed wasn't the page I closed on!
    For being such clean code...something smells very fishy!
    I was kinda hoping I'd won the Willi Wanka Golden Ticket and was off tho visit the factory!
    As anyone tried it? Ya know...just in case it really might be a golden ticket in disguise?
    02-18-2016 12:07 AM
  9. dave_scr's Avatar
    I had the same file automatically download when I visited CNN via Chrome on my Ubuntu box AND when i visited CNN on my Nexus 5 (before and after last update).

    The file, xdm_iframe, is a web page with some javascript to set up a remote connection via the XMLHttpRequest library. The implementation is copied from a github example at the pmxdr repo from eli grey. The page also has links to some obfuscated javascript and json. (I would post the links, but the forum disallows it)

    I would guess the obfuscated easyXDM.ugly.js file is hiding the location of the remote server that is used in the XMLHttpRequest call. What's on that server and what is it going to serve up? I'm not sure. But I don't want to check it on my home computer. If somebody's got a sandboxed system they can test from I'd be curious what information gets sent over the wire when it is all executed.

    Has anybody found more info on this yet? I can't seem to find anything about it, which seems crazy seeing as we have arbitrary files being downloaded from one of the most popular news sites. Hopefully it's some shoddy developing from a 3rd party ad library or CNN themselves that's leaking some harmless file out, but I'm skeptical
    tardus and David Alfredo like this.
    02-18-2016 02:42 AM
  10. kingkong90210's Avatar
    I.m getting it too after visiting cnn

    Posted via the Android Central App
    02-18-2016 04:31 AM
  11. rodg24's Avatar
    I'm a news reader and started having this issue in the past few days. I'm not by any means tech guy.

    Cnn.com has a history of using what I call brute force to get you to download their app, which I hate the general feel and operation of. By force I mean every link you click on their mobile page would make you select the viewer, ie Chrome or Cnn app. And you could click "always" but always only means for that particular article and even more specific that version of that article unless of course you selected the app, then always really means always.
    When this download .bin file download started this behavior changed.
    I from an outside, non programmer perspective, believe this is a failed attempt to update their app strategy.
    I hope they fix it soon. I really want to tell them to fly a kite, but sometimes they do have news others do not.
    02-18-2016 07:58 AM
  12. photosanto's Avatar
    I have gotten this download, but only when I visit CNN. Each time I delete it and the next time I visit, it gets downloaded again. I have been reading CNN regularly now for at least a month, but this just started a within the last couple of days, so something has changed. I just went to their website and did a search for the file, but it yielded nothing. Then I went to their privacy policy (link at bottom of any page) and bingo! Under section IV "Cookies and Other User and Ad-Targeting Technologies.", item #3 "Locally Stored Objects." (LDO's) they explain the culprit.

    They mention some LDO's using Adobe, but I don't think this is happening in this instance because I don't have Adobe installed on my phone. Shame, because there is a setting in Adobe to prevent storage on the client side (us). Unfortunately Chrome doesn't have a setting to stop this. I'm using Chrome because at least I can prevent 3rd party cookies from being set. The default Lollipop browser doesn't seem to have any management of cookies at all.

    I am always am amazed how these companies have the nerve to feel this is acceptable. I have never liked the idea of any entity writing any information to my device without my consent or to make a website work properly in my browser. I had always hoped that some advocacy group (or the government) would have pushed back on the use of cookies back when they first appeared, but it never happened. It seems to have passed long ago that tracking everybody and anything is ok and we are no longer entitled to any privacy whatsoever. I'd be ok if I could op out or use a browser that blocks this stuff without breaking the page, but I haven't found one that does. Our rights are being imposed upon and there isn't any out cry. I guess this is the sad new normal. Just one of the reasons people are so feed up with politicians and the government. They are not our advocates and I'm sure they are part of the problem.
    02-18-2016 12:01 PM
  13. katesbb's Avatar
    For what it's worth, Opera (on Android) lets you at least cancel the attempted download, just as FireFox (on Windows) does.

    Why is it named .bin when it's a javascript file?

    The URL references all seem to be turner.com, so I'm assuming it's intentional by CNN and not malicious - but it's still seems sneaky, whatever they're doing.
    02-18-2016 12:34 PM
  14. tardus's Avatar
    Unrelated - you may recall that up until last year CNN was using Outbrain. Stories on the site with irresistible headlines were actually feeds to an entirely difference site - read more here. I wonder if CNN is up to its old tricks - implementing shady business practices to increase ad revenue?
    02-18-2016 12:55 PM
  15. JimSmith94's Avatar
    This could be a coincidence, but that file downloaded for me again after adding
    Code:
    www.forbes.com
    to the Adaway whitelist and accessing Forbes. I hope this isn't a sign of more sites pushing this file, whatever it is!
    02-18-2016 01:57 PM
  16. photosanto's Avatar
    Just to clarify, not that I understand the technology, but the file is placed by Turner Networks, which has an advertising relationship with CNN. How it is different from a cookie or other tracking and ad specific methods is beyond me. Either way, not cool that it just automatically downloads. I guess we should be 'lucky' that we at least know that the file was downloaded
    tardus likes this.
    02-18-2016 05:31 PM
  17. JimSmith94's Avatar
    This download has stopped for me, and I guess nobody else has this any more either.
    03-03-2016 11:19 PM

Similar Threads

  1. Replies: 8
    Last Post: 04-15-2017, 12:21 PM
  2. Replies: 18
    Last Post: 03-27-2016, 04:52 AM
  3. Lg g4 gallery and download problems
    By AC Question in forum Ask a Question
    Replies: 2
    Last Post: 03-03-2016, 04:55 PM
  4. How do I get downloaded books to playbooks?
    By AC Question in forum General Help and How To
    Replies: 0
    Last Post: 02-17-2016, 06:35 AM
  5. How to Stop Automatic Apps Download in Android Device ?
    By AC Question in forum General Help and How To
    Replies: 1
    Last Post: 02-17-2016, 01:36 AM
LINK TO POST COPIED TO CLIPBOARD