Malware for OS X, called "Backdoor.Flashback", is running on up to 550,000 different machines mostly located in the United States and Canada. Dr.Web's report is extremely detailed, including an infographic of infections by countries. The botnet stems from machines being redirected to bogus websites, or other traffic distribution systems. Sites used for this are presumably of Russian origin, but the number of sites is currently unknown.Dr.Web initially reported that 550,000 Macs are infected but revised the number to "over 600,000" via a Twitter message.
JavaScript code is used to load to a Java-applet containing the actual exploit. At the end of March, a Google search found around four million different page which could be spreading the malware. Some posts on Apple's own user forums describe being infected with the malware when visiting DLink.com; DLink produce routers and similar devices.
Exploits are being distributed over three main weaknesses:
CVE-2011-3544 CVE-2008-5353 CVE-2012-0507
Source: Neowin