Doctor Web, which earlier this month was the first to report the , mined data it's intercepted from compromised computers to come up with its findings.

The company, along with other security vendors, has been "sinkholing" select command-and-control (C&C) domains used by the Flashback botnet -- hijacking them before the hackers could use the domains to issue orders or update their attack code -- to both estimate the botnet's size and disrupt its operation.

In a , Doctor Web published an analysis of the communications between 95,000 Flashback-infected Macs and the sinkholed domains. Those communication attempts took place on April 13, more than a week after Doctor Web broke the news of the botnet's massive size.

Flashback has used a critical vulnerability in Java to worm its way onto Macs. Although Apple, which continues to maintain Java for its OS X users, patched the bug in early April, it did so seven weeks after Oracle disclosed the flaw when it shipped Java updates for Windows and Linux.

Not surprisingly, 63.4% of the Flashback-infected machines identified themselves as running OS X 10.6, or Snow Leopard, the newest version of Apple's operating system that comes with Java.