xdm_iframe.bin downloads automatically

tardus

Well-known member
May 26, 2014
1,273
0
0
Visit site
Last night and this morning my LG G4 with Marshmallow downloaded the file "xdm_iframe.bin" - both times I deleted it from the download folder.
Any idea what this file is?.
 

katesbb

Well-known member
Feb 15, 2013
92
0
0
Visit site
Same thing happened to me last night on my Verizon 2014 Moto X with Lollipop. Never saw it before. Not sure which app downloaded it.

I can't quite figure out what the script is supposed to do, but the code seems to be too nicely commented to be malware. Though I suppose malware authors can be disciplined coders too ;)

UPDATE: Also happens when clicking on a CNN tweet to open a CNN news story. Tries to download from z.cdn.turner.com when using FIreFox on Windows 7.
 

tardus

Well-known member
May 26, 2014
1,273
0
0
Visit site
Same thing happened to me last night on my Verizon 2014 Moto X with Lollipop. Never saw it before. Not sure which app downloaded it.

I can't quite figure out what the script is supposed to do, but the code seems to be too nicely commented to be malware. Though I suppose malware authors can be disciplined coders too ;)

UPDATE: Also happens when clicking on a CNN tweet to open a CNN news story. Tries to download from z.cdn.turner.com when using FIreFox on Windows 7.

I was on CNN too. I think that's the culprit. Good to know not a Marshmallow issue since you'r on Lollipop.
 

Eric Payne

New member
Dec 7, 2013
3
0
0
Visit site
Has anyone figured out what would possess CNN to be doing this?
I guess this makes be the latest...ummm...bug eater?
For those who don't know... a .bin file is a binary file. Typically, they are viewed using hex editors. If a text editor like notepad.exe is use to view a .bin file, usually, it's unreadable and wont look like anything familiar.
I used a html editor to view it and, I agree with katesbb. It does look pretty clean but, .bin files typically do some pretty heavy lifting! They're often use for flashing BIOS firmware on your computer and, by default, they want to be burned to a disk when clicked. That's to make it ready for a BIOS flash. It's not a project for the feint of heart! You could seriously turn your computer into a brick if you're not careful or flash the wrong firmware!
Knowing all of that raises a couple questions for me...
1) Why would CNN glitch in such a shady manner? Auto-downloading suspicious files n' such?
But what I really want to know is...
2) Does anybody else specifically recall never searching for CNN or clicking any CNN links?
I know I never did! It was an accident when I opened my browser and, I know for a fact that the CNN page I've never viewed wasn't the page I closed on!
For being such clean code...something smells very fishy!
I was kinda hoping I'd won the Willi Wanka Golden Ticket and was off tho visit the factory!
As anyone tried it? Ya know...just in case it really might be a golden ticket in disguise?
 

dave_scr

New member
Feb 18, 2016
1
0
0
Visit site
I had the same file automatically download when I visited CNN via Chrome on my Ubuntu box AND when i visited CNN on my Nexus 5 (before and after last update).

The file, xdm_iframe, is a web page with some javascript to set up a remote connection via the XMLHttpRequest library. The implementation is copied from a github example at the pmxdr repo from eli grey. The page also has links to some obfuscated javascript and json. (I would post the links, but the forum disallows it)

I would guess the obfuscated easyXDM.ugly.js file is hiding the location of the remote server that is used in the XMLHttpRequest call. What's on that server and what is it going to serve up? I'm not sure. But I don't want to check it on my home computer. If somebody's got a sandboxed system they can test from I'd be curious what information gets sent over the wire when it is all executed.

Has anybody found more info on this yet? I can't seem to find anything about it, which seems crazy seeing as we have arbitrary files being downloaded from one of the most popular news sites. Hopefully it's some shoddy developing from a 3rd party ad library or CNN themselves that's leaking some harmless file out, but I'm skeptical
 

rodg24

New member
Feb 18, 2016
1
0
0
Visit site
I'm a news reader and started having this issue in the past few days. I'm not by any means tech guy.

Cnn.com has a history of using what I call brute force to get you to download their app, which I hate the general feel and operation of. By force I mean every link you click on their mobile page would make you select the viewer, ie Chrome or Cnn app. And you could click "always" but always only means for that particular article and even more specific that version of that article unless of course you selected the app, then always really means always.
When this download .bin file download started this behavior changed.
I from an outside, non programmer perspective, believe this is a failed attempt to update their app strategy.
I hope they fix it soon. I really want to tell them to fly a kite, but sometimes they do have news others do not.
 

photosanto

New member
Aug 3, 2013
2
0
0
Visit site
I have gotten this download, but only when I visit CNN. Each time I delete it and the next time I visit, it gets downloaded again. I have been reading CNN regularly now for at least a month, but this just started a within the last couple of days, so something has changed. I just went to their website and did a search for the file, but it yielded nothing. Then I went to their privacy policy (link at bottom of any page) and bingo! Under section IV "Cookies and Other User and Ad-Targeting Technologies.", item #3 "Locally Stored Objects." (LDO's) they explain the culprit.

They mention some LDO's using Adobe, but I don't think this is happening in this instance because I don't have Adobe installed on my phone. Shame, because there is a setting in Adobe to prevent storage on the client side (us). Unfortunately Chrome doesn't have a setting to stop this. I'm using Chrome because at least I can prevent 3rd party cookies from being set. The default Lollipop browser doesn't seem to have any management of cookies at all.

I am always am amazed how these companies have the nerve to feel this is acceptable. I have never liked the idea of any entity writing any information to my device without my consent or to make a website work properly in my browser. I had always hoped that some advocacy group (or the government) would have pushed back on the use of cookies back when they first appeared, but it never happened. It seems to have passed long ago that tracking everybody and anything is ok and we are no longer entitled to any privacy whatsoever. I'd be ok if I could op out or use a browser that blocks this stuff without breaking the page, but I haven't found one that does. Our rights are being imposed upon and there isn't any out cry. I guess this is the sad new normal. Just one of the reasons people are so feed up with politicians and the government. They are not our advocates and I'm sure they are part of the problem.
 

katesbb

Well-known member
Feb 15, 2013
92
0
0
Visit site
For what it's worth, Opera (on Android) lets you at least cancel the attempted download, just as FireFox (on Windows) does.

Why is it named .bin when it's a javascript file?

The URL references all seem to be turner.com, so I'm assuming it's intentional by CNN and not malicious - but it's still seems sneaky, whatever they're doing.
 

tardus

Well-known member
May 26, 2014
1,273
0
0
Visit site
Unrelated - you may recall that up until last year CNN was using Outbrain. Stories on the site with irresistible headlines were actually feeds to an entirely difference site - read more here. I wonder if CNN is up to its old tricks - implementing shady business practices to increase ad revenue?
 

JimSmith94

Well-known member
Oct 3, 2011
664
2
18
Visit site
This could be a coincidence, but that file downloaded for me again after adding
Code:
www.forbes.com
to the Adaway whitelist and accessing Forbes. I hope this isn't a sign of more sites pushing this file, whatever it is!
 

photosanto

New member
Aug 3, 2013
2
0
0
Visit site
Just to clarify, not that I understand the technology, but the file is placed by Turner Networks, which has an advertising relationship with CNN. How it is different from a cookie or other tracking and ad specific methods is beyond me. Either way, not cool that it just automatically downloads. I guess we should be 'lucky' that we at least know that the file was downloaded :-\
 

Trending Posts

Forum statistics

Threads
941,444
Messages
6,908,857
Members
3,157,927
Latest member
zigzagchamber