Viruses aren't big on Windows either these days compared to years past. It's about $$$ now, not just destroying things for the sake of destroying them. The fastest and easiest way to get personal information is a straight forward app that you trick people into opening. It doesn't require any cunning or serious programming knowledge, just easy prey.
Viruses, meaning exploits that include privilege escalation, could be useful for online financial fraud as allow the install of rootkits without user intervention. But, easier methods yield more profit than client side app exploitation.
Most online financial fraud is due to SQL injection attacks against e-commerce websites. The attack gets access to the data storage for credit card information. This is easier to do than exploiting a web browser, which most likely only results in the compromise of a much lower volume of valuable information.
Credit card dumps are sold in bulk for around 50 cents per each set of track2 info (CC# and verification info). So, each persons' credit card info and verification data is only worth on average 50 cents to a black hat hacker. That info is not worth enough unless going after in bulk via e-commerce web app exploitation (SQL injection or XSS), botnets, or phishing scams.
Web app exploitation (PSN breach) is out of the control of consumers as not related to their personal system.
Phishing scams (MACDefender is essentially this type - asks for your credit card info) can only be reliably prevented by users and are most likely not very successful on any platform. At least, in terms of cost/benefit analysis. Writing MACDefender was probably more work than the PSN breach. Which do you think will provide better profit returns?
Botnets, which rely on rootkit install to gather sensitive data, typically can be avoided using discretionary access controls to protect modification of the system level without authentication and user knowledge to protect against social engineering. This method has been successful because Windows XP does not use DAC in the default account created. As XP market share goes down, botnets will become less successful.
Easily avoidable phishing scams and web app exploitation will increase as botnets become less successful. This type of phishing scam targeting Mac may be an indicator that this transition is occurring as social engineering is becoming the more viable methodology. There is nothing the average user can do about web app exploitation other than use as few e-commerce sites as possible to limit their exposure.
Also, as much if not more credit card info is collected for sale on "dump" websites from skimming, which requires physical access to the card, as opposed to hacking. The online element of the crime only manifests as part of the sale of the credit card information.
