This is not difficult
1: a "simple" level of ISP monitoring. Basically, maintain a list of known and VALIDATED (as reported by the government and other security agencies) IPs and domains known to be harboring botnets, hackers, and other scams. This list should not be a "the site you;re attempting to access may be infected." This should be a "that site exists soley for scams or to infect your machine or to control bots on your computer." This should not be a list maintained independently by ISPs, but a natioal, or internationally distributed list.
If a PC on your network accesses one of those known sites on a port/protocol known associated with a virus, you get a 404 error (or equivalent) and the traffic is blocked. If you clicked a link associated with a scam, you'll get a notice on screen, another in the primary e-mail account the ISP has on file (and all other backup accounts on file), and instructions to go to your ISPs home page, log in, and read a security report (which includes NO LINKS to get there and makes clear you will never be linked to such, ever, to avoid potential abuse of this notification system.
If you clicked a link and got a notice because you tried to go to a scam site, your bad. Hopefully this will raise awareness. If you're REALLY certain the link is legitimate, you can go to your ISP home page, log in, report the URL, and request it be unblocked. Within 60 minutes, someone should do that for you, or confirm you are the victim of a scam and mistaken. If some application on your PC is trying to connect to a bot server however, we need a different response in addition to the e-mail alerts:
2: When you do something dumb, the ISP tries to protect you and gives you a warning, which if you're really dumb you can ignore and bypass by request of tech support, unless the government itself has issued a block of all traffic to that address via the courts and due process (take-down of the site, it;s not on the net anymore to reach, which should be the natural next step after a warning about not going there goes out). However, if you have a bot, often those things are moving targets. Taking down one site might not prevent alternate sites from communicating your your infection, or when international based servers are involved and take-downs take time. The ISP needs to act on behalf of others, not you.
Network quarantine, and a notice on screen if you attempt to go to any sites other than those of OS vendors, security app vendors, and sites registered with the government that can assist in virus removal. A list of these should be included in the warning (no links). If you absolutely HAVE to bypass this quarantine, there should be a link on your ISP page (after you log in) to release the quarantine for 24 hours. There should be a fee ($10?) and you can;t do this more than 3 days in a row for any reason. OR, prove to the ISP you are infection free by running an AV scan using today's latest definition pack, screen shot the results, and mail the to the helpdesk. Since this is triggered by application activity on known ports to known sites, the risk of false positive should be very very small.
Anyone on a business class connection should receive only warnings, not quarantine, but might suffer increased fees if the issue is not dealt with "swiftly" after multiple days of warnings (including a contact call).
3: "Certified internet security aware." People in the know (or who bother to GET in the know) should be able to take a simple web based exam, hosted by any of a number of certified testing centers (CompTIA, etc), to become "internet security aware", and provide that certification to their ISP, along with a screen shot of the expiration date of the AV client installed on their computer (one for each MAC address in the home), and a list of non-PC MAC addresses as well (set top boxes, NAS, etc, that might access the net for content or updates). Going through this simple process would avoid the automatic quarantine, and allow those who would prefer no disruption to services to receive only notices and not be quarantined for several days. This test, and materials to pass it, would be under $5, and would be good for 2-3 years, and be able to be passed from ISP to ISP without retaking it.
So, in summary:
1: you do something dumb, and a router alerts you there might be an infection or scam at a web site.
2: you're infected and we know it, they notify you 7 ways from Sunday and quarantine your machines until you prove clean with a scan, or pay $10/day to get online anyway for up to 3 days.
3: you certify and maintain AV on all your PCs and can avoid the quarantine complications (and extra fees if you solve the issue quick) and still get notified 7ways from Sunday if they detect activity, and could still be quarantined if you go more than 3 or 4 days without resolving the issue.