If it's that easy...
If so many attacks are apparently so simple - i.e. attacking ports 135 (30%), 139 and 22 (12%) - then why aren't more people simply closing off these ports at their firewalls?
I can accept that for ports 135 and 139, in many cases, these will be attacks on machines at home and the poor victim won't know one end of an Ethernet cable from the other (actually, they're the same... OK - bad analogy), but I would think that most people using SSH know a bit about what they are doing and so ought to be on top of this problem.
Maybe there ought to be a standard whereby internet router manufacturers pre-set their equipment with default firewall rules to block these very common ports on the basis that if you DO want these ports open, you probably know what you are doing anyway and can open them up again.
Most people only need outgoing ports TCP 25, 80, 110 (I think that's POP, no?), 143 (IMAP, or 993 - IMAPS), 443, and UDP 53 plus a few other ports for the pirated-software-and-music-distribution-protocol software of your choice. Everything else can be closed off, most people wouldn't see the difference, and for the most part, it would save an awful lot of grief.