An interesting note is that rootkit developers reuse code: four of the rootkits use the same audit log scrubbing program (sauber), and another three use a different program (zap2).