The Russian company's data also showed that many Mac users don't keep their machines up-to-date, something ZDNet blogger Ed Bott noted on Friday.
Twenty-four percent of the Snow Leopard-infected Macs were at least one update behind, 10.4% were three or more behind, and 8.5% were four or more behind.
Lion users were no better patch practitioners: 28% were one or more updates behind.
Of course, not all Windows users patch, either. According to Qualys, which regularly examines several hundred thousand PCs, 5% to 10% of business Windows machines never receive any given update.
Qualys has seen some Microsoft updates be ignored by 20% to 30% of Windows PCs for four months or longer.
But by Doctor Web's data, Mac users are even less likely to update promptly, or even at all. OS X 10.6.7, the second-to-last update for Snow Leopard, was first issued 13 months ago, yet 9% of the infected Snow Leopard Macs run that version.
To protect Snow Leopard and Lion systems from the Java-exploiting Flashback, users should launch Software Update from the Apple menu and download this month's Java updates. Software Update will also serve the newest version of those operating systems to Macs running outdated editions.
People running Leopard can disable Java in their browser(s) to stymie attacks.
Later this year, Oracle will release Java 7 for OS X. Mac users who upgrade to Java 7 will then receive security updates directly from Oracle, not from Apple.
Sign up for Computerworld eNewsletters.