That needs qualifying as #1 in the HOME market. There are many more servers running various brands of Unix and Linux out there than there are running IIS or Apache on a Windows box (though not an insignificant ammount).
Servers are naturally harder to get viruses or trojans onto them as they're generally not used to surf the web, and the only applications executed on them should be done by a responsible sysadmin - who should know better.
Windows is targeted as it is the #1 Home and Business OS, and as most people are clueless about how the technology actually works (running with admin privileges, surfing dodgy sites, falling for phishing scams, opening spam emails). A street magician or scam artist will only target those people who they see as a patsy. The obvious idiot. The lazy fool. Windows and IE attract them both, and they get burned for it.