I blame Microsoft

Yes yes, no one should have an SMB port open to the internet, but poorly configured DMZs or small branch offices that are supposed to get their internet from the main office but improperly add their own 'business internet' connection from the local ISP because it is faster are probably more common than anyone cares to admit.

Microsoft firewalls off most ports by default, but leaves port 445 wide open. Why? Surely it would make more sense to have it open to ONLY the PC's local subnet, since that will suffice for 99% of home/small business installs! Require a configuration change by the admin to open it up wider - i.e. if your company uses 10.x.x.x internally open it up to, and pop a warning before allowing someone to disable it entirely.
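
Added example, not part of the original comment: a PowerShell sketch of the scoping described above, using the built-in NetSecurity cmdlets to find enabled inbound allow rules for TCP 445 that accept any remote address and restrict them to the local subnet. The `$AllowedRemote` parameter and the `-Apply` switch are names chosen for this example; it reports only unless `-Apply` is given, and must run elevated.

```powershell
# Added example: audit inbound TCP 445 allow rules and scope them to the
# local subnet. Parameter names are this example's own, not Microsoft's.
param(
    # Assumption: LocalSubnet is enough; add e.g. '10.0.0.0/8' if the
    # organisation really needs SMB across internal subnets.
    [string[]]$AllowedRemote = @('LocalSubnet'),
    [switch]$Apply
)

$findings = foreach ($pf in Get-NetFirewallPortFilter -Protocol TCP) {
    # Matches rules listing port 445 explicitly; port ranges and 'Any'
    # are not expanded here and need a separate review.
    if ($pf.LocalPort -notcontains '445') { continue }

    $rule = $pf | Get-NetFirewallRule
    if ($rule.Direction -ne 'Inbound' -or
        $rule.Action    -ne 'Allow'   -or
        $rule.Enabled   -ne 'True') { continue }

    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $rule.Name
        DisplayName   = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $addr.RemoteAddress -join ','
        Source        = $rule.PolicyStoreSourceType
        OpenToAny     = ($addr.RemoteAddress -contains 'Any')
    }
}

$findings | Format-Table -AutoSize

if ($Apply) {
    foreach ($f in $findings | Where-Object OpenToAny) {
        if ($f.Source -eq 'GroupPolicy') {
            # GPO-delivered rules must be changed in the GPO, not locally.
            Write-Warning "Skipping GPO rule $($f.Name); fix it in Group Policy."
            continue
        }
        Set-NetFirewallRule -Name $f.Name -RemoteAddress $AllowedRemote
        Write-Output "Scoped $($f.Name) to $($AllowedRemote -join ',')"
    }
}
```

Run it once without `-Apply` to review which profiles (Domain, Private, Public) the open rules belong to before changing anything.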

