I don't really understand the attack vector the ISP is using, unless it's exploiting some kind of flaw in higher-level software than BitTorrent itself.
A torrent should be identified uniquely by a hash in a magnet URL.
When a BitTorrent user obtains a hash, as long as it's from an https webpage, the ISP shouldn't be able to spoof the hash. You'd have to either get your own key added to a browser's keystore or have access to one of the trusted CA's keys for that.
Once you have the hash, you should be able to find and validate the Merkle hash tree from the DHT. Unless you've broken SHA and can generate collisions -- which an ISP isn't going to -- you shouldn't be able to feed a user a bogus hash tree from the DHT.
Once you have the hash tree, you shouldn't be able to feed a user any complete chunks that are bogus unless you've broken the hash function in BitTorrent's tree (which I think is also SHA). You can feed them up to one byte short of a chunk, try and sandbag a download, but once they get all the data, they should be able to reject a chunk that doesn't hash to the expected value in the tree.
I don't see how you can reasonably attack the BitTorrent protocol, ISP or no, to try and inject malware. Maybe some higher level protocol or software package.