On Tuesday, Apple finally released a Java patch for its newest operating systems. (Tim Wimborne/Reuters)

A botnet has been created from more than 550,000 computers running Mac OS X, mainly in the U.S. and Canada, a Russian security software company says.

In fact, almost 20 per cent of the infected computers are in Canada; 57 per cent in the U.S., including some in Cupertino, Calif., Apple's backyard.

Doctor Web, which sells antivirus software, reported Wednesday that the Backdoor Flashback 39 trojan malware was able to infect Macs via a security hole in Java, which was discovered several months ago.

On Tuesday, Apple finally released a Java patch for its newest operating systems, nearly two months after the Java problem was fixed for Windows, Linux and Unix, reported the Naked Security blog run by the U.K.-based security software company Sophos.

"This does make you wonder whether Apple takes security as seriously as it should," wrote Chester Wisniewski, senior security adviser at Sophos Canada on the blog. "Perhaps its public facing image of being invulnerable is the prevailing attitude within the company."

Mac users who have installed Java are advised to update it as soon as possible.

In the past, most malware has targeted Windows computers.

However, Doctor Web noted that the recent incident "once again refutes claims by some experts that there are no cyber-threats to Mac OS X."

Backdoor Flashback is particularly hazardous because it uses a "drive-by" attack — that is, it can automatically download itself to the user's computer without the user's knowledge or intervention if the user is tricked into visiting a malicious website hosting the file.