It's not crap. Infected machines are no more the fault of the internet than junkmail in your mailbox is the fault of the post office. There's literally no difference to the model. The post office delivers mail that is addressed to you. They don't care if it's junk mail or not. They deliver it.
So what about little envelopes with white powder? Does the post office still have an obligation to deliver it or should they be concerned about the welfare of their customers? Perhaps they should insist that customers are properly vaccinated.... Point I am making is that the post office is not responsible and/or liable for the content of the packages they deliver. However, if they deliver packages that are obviously visibly dangerous to the recipient they have an obligation to investigate and not deliver the package.
Most residential ISPs get paid the same whether the customer spews abuse or not. Their costs go up some when they get abuse complaints and when abuse starts using more bandwidth, so, for the most part, most residential ISPs have no incentive to support abuse, but, not enough incentive to pay to staff an abuse department sufficiently to be truly responsive. Further, most abuse departments don't get enough support from management when the sales and marketing departments come whining about how much revenue that abusing customer produces each month. This is one of the unfortunate realities of a free-market economy. It doesn't always tie profit to doing the right thing, and, it favors short-term thinking over long-term planning.
Who do you suppose pays for the abuse department staff? Those are operational costs passed on to all customers. If increasing abuse results in increasing staff, hopefully eventually, these cost will most likely be passed on to all customer. It would be nice to see per incident billing so only offenders and repeat offenders pay. I doubt that'll happen (just a gut feeling, no other justification). Adi