Nothing new, really
I've been observing my logs every morning since 2004, and I've seen this pattern occur as well, getting more common since last year: multiple usernames and daemons are knocked with a hope of an easy/non-existing password and then moving on or dropping attempts.
Other trick has been "obvious" usernames (which doesn't work so well since I live in a place where English-based names do not rule the roost; however, I've seen attacks tailored for the area as well, so the script-kiddies are definitely getting smarter and more aware of other cultures around them).
I've tried in a couple of cases to e-mail the owners of the attacking server (when it doesn't seem to originate from a non-dynamic address; solving who owns what dynamic address is a royal pain in the butt), but I've never gotten a reply back -- not even a nod of 'thanks for noticing'. Maybe the mail systems of the hijacked server are set to automatically filter and kill mails from the attacked systems? (If I were a blackhat, that's what I'd do...)