Limiting access
It does help. Hate to break up the internet orgy fest, but a lot of folks do just block off entire subnets, and straight away see the attacks lessen.
It is simple maths really, but beyond the direct proportions, you will find attacks that originate outside your country are disproportionately higher. The reason is there is less chance of being physically caught if a border or two is being crossed, beyond the amusing "let's call x or y country the cracker hotzone", which just appeals to the tribal nature of us.
Hosting in another country is not a bad idea; that way you have a couple of jurisdictions from which to pursue the attacker.
There is more that can be done, and it would be good to see banks and ecommerce systems take the lead here. In the main, those are the systems that need protecting, and banks should already be offering access only from IPs internal to the country (in some ways they should be going further and limiting it to a static IP or groups of IPs from the ISP), obviously at the customer's behest.
And still there is more to do, but I would prefer computer security pros get paid than fraud run rampant, and that is the equation we should be looking at when deciding to put in security or not.
Zombie machines will be with us for a long time. Even if Linux takes the desktop, the Windows users want to bring in all their bad insecure practices; it is amusing and terrifying all at once.
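The opt-in restriction suggested above for banks (in-country addresses only, or a customer's own static ranges) could be checked at login like this. This is an added example, not code from the original post; the customer names, policy modes and the documentation address ranges standing in for "in-country" prefixes are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation ranges (RFC 5737 / RFC 3849) stand in
# for the prefixes a real deployment would load from a GeoIP/registry source.
COUNTRY_PREFIXES = [ipaddress.ip_network(n) for n in
                    ("198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")]

# Hypothetical per-customer policy, changed only at the customer's request.
# mode: "any" (no restriction), "country", or "pinned" (customer's own ranges).
CUSTOMER_POLICY = {
    "alice": {"mode": "pinned", "ranges": ["203.0.113.16/28"]},
    "bob": {"mode": "country"},
    "carol": {"mode": "any"},
}

def _parse(addr):
    ip = ipaddress.ip_address(addr)
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as IPv4 so dual-stack listeners
    # evaluate it against the same IPv4 rules.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip

def _in_any(ip, networks):
    return any(ip.version == net.version and ip in net for net in networks)

def login_allowed(customer, source_addr):
    """Return True only if the source address satisfies the customer's policy."""
    policy = CUSTOMER_POLICY.get(customer)
    if policy is None:
        return False                      # unknown account: fail closed
    try:
        ip = _parse(source_addr)
    except ValueError:
        return False                      # malformed address: fail closed
    mode = policy["mode"]
    if mode == "any":
        return True
    if mode == "country":
        return _in_any(ip, COUNTRY_PREFIXES)
    if mode == "pinned":
        nets = [ipaddress.ip_network(r) for r in policy["ranges"]]
        return _in_any(ip, nets)
    return False                          # unrecognised mode: fail closed
```

The address checked must be the one seen on the connection itself, not a client-supplied header, or the restriction can be bypassed.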