The problem of corrupted exit servers is indeed one that we should all
ponder until a solution may be found. However, setting up, say, 1,000 hidden,
slaved, correctly configured tor servers via a bot net may be rather more
difficult to accomplish than you have fully considered. Entry guards and
middlemen probably wouldn't be useful to an attack coordinator.
From the start, there have always been less bad then good.....
Why not have all the servers "look" at other servers and verify they are "good".
Notify the server admin or a central server, if something doesn't look right.
Is it possible to remotely test software ?? Or can this always be overcome with
corrupt code on the "bad" server ?