Re: And they are
" Whereas a Civil trial, the burden is on the defendant to prove that they are innocent beyond a reasonable doubt "
Actually, no. Civil cases are found on balance of probabilities. And I think even on that basis the plaintiff would have problems in proving that his loss stemmed from a particular site given that he would have visited many.
OTOH if the offence is to serve up - or participate in serving - malware then that would be provable by the sort of analysis in the article but without the need to prove which particular user was infected by which particular server. Several of the participants at the head of the chain could become liable to prosecution or, to put it another way, they would have good reason to put in place a vetting procedure. The chains which failed to apply vetting might have lower costs immediately but they might find themselves out of business a lttle later.