Yea, probably 1% or less of desktop users. However, I bet those targets would be extremely high value (dev environments, server access). I am sure advanced groups heavily invest in gaining access to servers.
Yeah, a lot of high-value secure systems run Linux and GNU. Web services, government systems, the vast majority (edit: it's now all) of the TOP500 supercomputers etc. I suspect at least part of it is that these systems get much more targeted attacks because of their high value, whereas viruses are to an extent un-targeted shotgun attacks. I suspect the economics of virus writing dictate that most of the effort is put towards the most popular platform, i.e. Windows.
The thing there is you almost never need external tooling post-exploitation on Linux; it ships with most of the tools you could want. Add on that nobody seems to be able to harden web servers or SSH, and why would you need "viruses" in a targeted attack? Hack naked, and there's no hash to find.