Easy, but won't happen anytime soon. All ISPs will do is to block both modems if its cloned, then wait until the real customer calls in to complain (In which case, they'll dispatch a tech and charge the customer a replacement fee for the new modem and an additional fee for the tech to come out to troubleshoot despite the ISP knowing exactly what was wrong).
They have no incentive to stop malware from spreading across their networks, in fact they tend to profit from it (more traffic means the customer is more likely to go over their data cap, and can thus charge them far more).
I've attached an SDR to a coax-tap that sits right in front of my modem and pushing it through some software to decode the signal so I can pipe the packets to tcpdump and record them (with filters to strip out my own packets, of course). So far, I've not seen a single patch come down from my ISP even though the modem's firmware is wildly out of date (the sticker on the flash chip shows that the software version was released in late 2013 and the modem continually reports that software version when the CMTS requests modem info).