I get requests for this all the time. Most of the time you can weed out the legit ones just by asking for justification but you will need that anyway to give to arin to get more addresses later on down the road.
If they made a country where people are computer-literate, there would be a lot less spam, hacking, DDOS, etc.
Security these days isn't a matter of being a pro. It's a matter of not being a fool. Most zombie systems these days aren't being hacked one by one... they're just scanned for vulnerabilities by an automated system.
-Don't install stuff you don't have a reason to trust (ie: "Internet Explorer Security Patch - Run me now.exe" on a website might not be the best thing to run)
-Don't leave open mail relays
-*USE COMMON SENSE*
I propose that people who gets their systems exploited and used for malicious activity be PENALIZED for it. Otherwise, they'll just be like "I pay $40/month for internet, now give me internet!"
Typical (hypothetical) end-user response for getting disconnected because their PC was being used to hack the FBI, spam, etc.: "I pay you guys $40/month for internet, I expect my children to be able to download music, you guys are frauds!!!!!! I'm telling all my friends about this!!!!"
Even a customer who is adverse to providing justification is not necessarily a red flag. Personally, I feel that justification is a pain in the rear but I deal with ARIN so I don't have the luxury of not providing it