29-07-2012, 10:37 PM
Apple Mac Trojan named OSX/Crisis.
Discovered by Intego.
Intego is a Mac security software company founded in 1997.
They create backup, antivirus, antispam, data protection software, firewall for MAC OS X.
Now lets get back to our discussion
This threat is a dropper which creates a backdoor when it's run.
It installs silently, without requiring a password only in OSX 10.6,10.7 and Snow Leopard and Lion.
If the dropper runs on a system with Admin permissions it will drop a rootkit to hide itself.
With or Without Admin permissions this folder is created in the infected user's home:
only with Admin permissions,
A new folder will be created.
It uses low level system calls to hide its activities
Intego suggest to use VirusBarrier X6 need to update to get protected from OSX/Crisis.