Good news for Mac users: An infected OS X is still not as profitable to cybercriminals as an infected Windows machine.

But the bad news is that the bad guys are looking at infected Macs as a potential money-maker. Sophos researcher Dmitry Samosseiko at the Virus Bulletin conference in Geneva this week gave an inside view of the Russian "partnerka," a network of cybercrime affiliates who spew spam and malware (think "Canadian Pharmacy" Website) -- including information on one black market Website that a few months ago offered 43 cents per infected Mac OS X machine, which was at least 10 cents less than what infected Windows machines were going for in the cyber underground at the time.

The Website offering the deal, MacCodec.com, also provided malware-laced phony video players to help the affiliates infect the Macs. The site has since disappeared from the Web, according to Sophos.

"Mac users are not immune to the scareware threat. In fact, there are 'codec-partnerka' dedicated to the sale and promotion of fake Mac software," Samosseiko wrote in his research paper (PDF).

A partnerka contains hundreds of affiliate networks that sell fake watches, fake antivirus, fake prescription pills, and other online scams, according to Samosseiko. "The affiliate networks focused on the promotion of illegal products are part of a growing multimillion dollar 'industry.' Affiliate web marketing also became the main driving force behind the recent explosion in malware, website infections, email spam and general web pollution," he wrote.

But the good news is pressure from researchers, law enforcement, and hosting companies is forcing some of the scareware operations to go deeper underground or shut down altogether, he says.

Meanwhile, Mac users shouldn't celebrate too soon: "The growing evidence of financially motivated criminals looking at Apple Macs as well as Windows as a market for their activities, is not good news. Especially as so many Mac users currently have no anti-malware protection in place at all," blogged Sophos' Graham Cluley yesterday.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.