Well, the recent mess with Java exploit has taught Apple a valuable lesson: don't wait for something to happen before dealing with it. Still, their response (late as it was) seemed to be the right one: a Java fix; a tool to detect and remove the trojan; a tool to detect and remove the trojan if you don't have Java(?); and getting the trojan hosting sites closed down.
It's a pity that one of those trojan sites turned out to be a test site belonging to Dr Web, the company that brought the problem to everyone's attention ... Honest mistake, guv'ner ... :-/
And Kaspersky didn't exactly cover themselves with glory either. They beat Apple to the punch by rushing out a tool to detect and remove the trojan. The tool was then withdrawn days later when Mac users found it was locking them out of their accounts. If they were hoping that this event was going to get them a way into the Mac market then I'm afraid they may have just blown it. The lesson there is to wait for the official response from your vendor, and not to go hunting around the internet for any dodgy bit of code that will probably make the problem worse (or introduce a problem where you didn't have one before).
In reporting the 600,000 case of the trojan, I should have mentioned that both Dr Web and Kaspersky said that it was 'most likely' that they were looking at 600,000 Macs because the method they use to identify the machines is not 100% reliable.