People who are swamping the net with the filth that is the end result of their carelessness, naivete, and incompetence are anything but innocent. Just because the end luser is some old granny who wants to share photos of her grandchildren doesn't mean she's magically entitled to flood the internet with malicious packets because she doesn't know how to keep Windows updated.
I'd of course rather not see those machines DDoSed offline, I wish that ISPs would simply kick them off their networks if they exhibit the hallmarks of being compromised until the user can demonstrate their computer has been cleaned and secured.
Vigilante policing of the internet is fun to think about, but realistically would just add to the problem. The only sort of vigilantism that I approve of are those rare instances of someone who, say, rewrites a worm that spreads itself like the original version, but actually has the worm patch the hole without the knowledge or consent of the owner a few days after it's infected the machine and attempted to propagate across the network to other vulnerable machines in need of repair.