I realise you're trolling but there are two common malware paths these days:
(1) Drive by Downloads - where exploits in things like PDFs, or Flash cause Remote Code Execution on the affected users box, by exploiting flaws in installed software. Hopefully privileged elevation requiriring sudo or UAC will prevent these programs running as admin/root, but often it's just enough that these apps run as a user class.
(2) Stupid Users- people who have been trained to download anything from anywhere and just run it.
OSX, like Windows, is vulnerable to both, because the software distribution model is totally broken. The app store may help, but i'll still put my trust, for now, in the linux repo model.