In response to those who said it was old stuff, and off web pages, yes, it is just that. Maybe I should have just posted URL's and pointed people there, but the scariest part was finding this stuff so easily on the WWW. I'd like to encourage everyone to post URL's (quite a few turned up in the collective responses) as they find them and/or cache anything relevant (in case it closes down or similar). I guess the only reason that I posted it was that there is little communication between those of us who think we're white hats and Mark Graff's posting some time ago sparked quite a deal of interest. Whilst there may not have been anything new for some people, or the content werid, I didn't do any sort of preprocessing before gzip'ing it (including check .zip's, etc) but perhaps should have included URL's. As for calling it "rootkit", I didn't spend much time thinking of a name. Yes, I've written some "interesting" programs to see how things work on my systems and have given them out to various people. What's more, I'm sure there are other bits and pieces which I've collected over the years (definately not anything fantastic and probably very lame in comparison to anything people would have if they've caught a hacker moving it around or similar) which would interest people but transferring stuff from home is just too much hassle. I'm sorry if anyone was disappointed in what I managed to collect, I had no idea what was "out there" before I looked and I'm sure there are others who likewise don't know (for whatever reason). cheers, darren