The only constant is the malicious domain name.
If we are able to take care of all the rest, and DNS becomes the one facet which can rewind the wheel, DNS is the problem.
You have just explained how DNS is *NOT* the problem. The only constant is the domain name. That is handled by domain name registries, not by the DNS. Since domain name registries are not a technical issue, there is no technical solution to the problem. I suggest that you would get further by working with (or suing) the domain name registries that allow these domain names to be so "constant".
Or we can look at it from a different perspective: Should bad guys be able to register thousands of domains with "amazon" and "paypal" in them every day?
In my opinion, yes. This gives the police something to subpoena from the registries to track down these people. If they were registering random words from the dictionary, the police would not know what records to subpoena. And if the registries disallowed applications with amazon and paypal in them, then the crooks would be using random words from the dictionary.
Should there be black hat malicious registrars around?
Yes. Again it gives a target for the police. As the FBI learned in the 1950's, you get much further by chasing the money than by chasing the men behaving badly.
--Michael Dillon