Sections named databefore, datainject, and dataafter made the web injections themselves look similar to the widespread Zeus malware (there may have been a connection between this and the 2011 Zeus source code leak). Cridex 0.77–0.80

 http://www.pbwcz.cz/Articles%20of%20english/virus.html