Of course the root cause for all these still remains that certain
OS vendor makes (and contines to) bad security design choices and
this results in users of their system getting infected and being
used as spam zombies. Combined with that is that many ISPs don't
maintain good enough policies to shutdown infected users quickly
or block their accounts from access to SMTP on per-user basis.
Last is sometimes due to low margins and ISPs trying to cut cost
and it is effecting abuse department - which the basicly the one
part of the company that not only not make any money but causes
to loose some business...