To be fair to the ISP's out there, we aren't talking a few connections here, we're talking many tens or hundreds of thousands if not millions (for the bigger providers) of links. All of which would require deep packet inspection in order to determine what the packet actually is.

To do this in real time requires some very scary kit indeed and it isn't cheap in anyone's language.

Then as has been previously mentioned, there is the liability (in terms of privacy as well as what happens should a customer still get infected). The water gets deep and murky very quickly.

Most ISP's tend to block types of traffic (file sharing bit torrent for example) rather than individual applications.