On my website, excluding search engines, 100% of the hits from China and Russia have been malicious; either attempted comment spam or attempted hacks. And as AndreG noted, even the search engines can be problematic. Obviously this is not going to be true for everyone, but in my case I have a couple Russian ISPs completely blocked from accessing the site, and large portions of China as well.
A couple suggestions:
1) Look at your access logs, not just the summary provided by Awstats or the like. There are differences between real browsers and spam or hack bots that are readily apparent, once you're familiar with them. Also pay attention to referrers and browers ID strings, as those can both be used to identify bad access attempts.
2) Consider using something like Project Honeypot <projecthoneypot.org> to automatically block bad actors. There are addons to use with most common blogging software.
If anyone wants more specific suggestions, please ask.