The company says it found Crisis on the VirusTotal website, which uses multiple AV engines to check user-submitted files and URLs.
Like later versions of Flashback, Crisis does not require the user to enter an admin password as it installs.
However, its behaviour does vary slightly depending on whether the user has admin permissions.
Crisis is said to work only on Mac OS X 10.6 Snow Leopard and 10.7 Lion. It has not been seen in the wild.
Intego has updated VirusBarrier X6 to detect both the dropper and backdoor components, and to block connections to 22.214.171.124.
Other security vendors will most likely follow suit.