An interesting note is that rootkit developers reuse code: four of the rootkits use the same audit log scrubbing program (
sauber
), and another three use a different program (
zap2
).