Many, many ISPs these days have some form of transparent proxying which routes all requests on port 80 from their dial-up, DSL or cable customers to an HTTP proxy, in a way that most 'normal' people don't notice.
A way to reduce the damage caused by ignorant people who don't realise that their Win2k box is running IIS would be to have these proxies drop any requests caused by Code Red or Code Red II and return a fake 404, or other error response. Since their scanning requests are in a predictable format, this should be trivial.
After the proxy server has got a bunch of dumb requests for a while, it should be reduced pretty much. In cases where they have proxies going inwards too, or other kinds of monitoring, they could do the same in reverse to prevent the scans from hitting their customers' systems in the first place.
This is within the ISP's power to do, and should cut out a large proportion of the infected boxen from the equation. Even if just home.com, AOL and SomePopularDSLCompany did it, it would be nice. Here in the UK, Blueyonder, NTL and BT can do it for their cable and DSL customers.
ISPs are just too damn lazy.
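
A sketch of the proxy-side filter described above, as an added example that is not part of the original post. It assumes the publicly documented scan format (a GET for `/default.ida` whose query string opens with a long run of `N` for Code Red or `X` for Code Red II); the function names, the run-length threshold and the sample log are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the scan is a GET for /default.ida whose query string opens with
# a long run of one filler letter (N for Code Red, X for Code Red II).
MIN_RUN = 100  # hypothetical threshold, shorter than the filler run in the samples
FILLER = re.compile(r"(N{%d,}|X{%d,})" % (MIN_RUN, MIN_RUN))
WORM_BY_LETTER = {"N": "Code Red", "X": "Code Red II"}

FAKE_404 = (b"HTTP/1.0 404 Not Found\r\nContent-Type: text/html\r\n"
            b"Connection: close\r\n\r\n<h1>404 Not Found</h1>")


def classify_request(request_line):
    """Return the worm name if the request line matches the scan format, else None."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0].upper() != "GET":
        return None
    try:
        target = urlsplit(parts[1])  # also handles absolute-form proxy targets
    except ValueError:
        return None
    if target.path.lower() != "/default.ida":  # IIS paths are case-insensitive
        return None
    run = FILLER.match(target.query)
    return WORM_BY_LETTER[run.group(1)[0]] if run else None


def proxy_decision(request_line):
    """Drop a scan and answer with a fake 404; forward everything else."""
    worm = classify_request(request_line)
    return ("forward", None) if worm is None else ("drop", FAKE_404)


def infected_customers(log):
    """Map each client IP that sent a scan to the worm(s) seen from it."""
    hits = {}
    for client_ip, request_line in log:
        worm = classify_request(request_line)
        if worm:
            hits.setdefault(client_ip, set()).add(worm)
    return hits


# Constructed sample log: documentation addresses, filler run only, no payload.
SAMPLE_LOG = [
    ("192.0.2.10", "GET /default.ida?" + "N" * 224 + "=a HTTP/1.0"),
    ("192.0.2.11", "GET http://198.51.100.7/default.ida?" + "X" * 224 + "=a HTTP/1.0"),
    ("192.0.2.12", "GET /index.html HTTP/1.0"),
    ("192.0.2.13", "GET /default.ida?q=NNN HTTP/1.0"),
]
```

The per-customer map from `infected_customers` is what an ISP would use to notify the owners of infected machines, in addition to dropping the scans.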